by pmw 20 days ago
TOTP can be used today to authenticate a couple to each other over an untrusted medium.

It’s rather high friction; you have to set it up in advance, and then read a six digit number over the phone. And I am not sure that it mitigates the threats… in this situation, I suspect it wouldn’t. It could even make the situation worse if the daughter is genuinely in trouble but can’t access the authenticator.

But I can’t think of a better solution. Any other ideas?
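The check described in the post, as an added example that is not part of the original post: both people hold the same pre-shared secret, one reads the six digits aloud, and the other verifies them with RFC 6238 TOTP (HMAC-SHA1, 30-second step). The function names, the one-step drift window and the sample secret (the RFC test key) are assumptions made for this sketch.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per time step (RFC 6238 default)
DIGITS = 6   # length of the code read over the phone


def totp(secret: bytes, unix_time: int, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP using HMAC-SHA1 and RFC 4226 dynamic truncation."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify_spoken(secret: bytes, spoken: str, unix_time: int,
                  drift_steps: int = 1) -> bool:
    """Verify a code as heard on a call, e.g. "287 082" or "287-082".

    Accepts the current step plus/minus drift_steps to absorb clock skew
    and the seconds it takes to read the digits aloud. A wider window
    also lengthens the time an overheard code stays valid.
    """
    heard = "".join(ch for ch in spoken if ch in "0123456789")
    if len(heard) != DIGITS:
        return False
    ok = False
    for k in range(-drift_steps, drift_steps + 1):
        expected = totp(secret, unix_time + k * STEP)
        # Constant-time compare; check every step rather than exiting early.
        ok |= hmac.compare_digest(expected, heard)
    return ok


if __name__ == "__main__":
    # Constructed sample: the RFC 6238 test key. A real pair would share a
    # random secret in person, in advance, via their authenticator apps.
    shared = b"12345678901234567890"
    now = 59
    print("caller reads:", totp(shared, now))
    print("listener accepts:", verify_spoken(shared, "287 082", now))
    print("stale code accepted:", verify_spoken(shared, "287082", now + 90))
```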

2 comments

I think a verbal password works just fine here. But it has to be something that you are 100% positive the other person wouldn't forget, otherwise it's not effective.

Also sending this article to family members so they're aware of this kind of thing.

My problem with this is that it's effectively one-time use, only, if you're a high-enough-value target.

Once your secret is "said" apart, over technology, it could be considered compromát.

----

Maybe have your "secret" be about a particular vacation or time period, using a novel recollection depending upon severity of each conversation.

A confirmation phrase and a poison pill phrase, don't overcomplicate it. This can be generated, shared and changed easily and with no tech.

My 76-year-old Dad loves checking the TOTP on his phone and asking me to verbally read it out when I need him to accept a 2FA push notification to let me log into his bank or government accounts so I can do something for him.

He says it “feels like 007 stuff.” “AI will never trick me!”

We also have a duress code word, listed in the notes of that KeePass(ium) entry with the TOTP.