Our family has had this sort of 2 factor authentication for years. The rule is that when/if something goes sideways, we have a secret pass-phrase that must be used for the other party to be taken seriously. It's something that we won't say, as a general rule, but would make sense as part of a regular conversation if you didn't know what you're listening to.

We did this when an elderly relative got scammed by the 'your son has been arrested' type of scam. It became obvious to us that we needed something to verify that the person contacting us was legitimately the person we thought it was.

It's not hard to do and it doesn't require technology. Just like disaster planning and home inventories; it's just that most people don't think about this kind of thing until it's too late.

I think this needs to be provided by the government: an organisation that we already have to trust and already has a monopoly. Countries that get this sorted out will see their economies grow. Countries like the UK where people continue to believe that sending scans of utility bills is a good basis for a modern economy and somehow prevents money laundering will continue to go down the toilet.

There are plenty of studies and case studies that show this to be true, it's a necessity that government given identity should also exist digitally. It's rather insane it doesn't yet in the states.

The _easy_ thing is probably also the thing that's hard to productionize: Just agree upon a secondary channel beforehand, and if I ever text/call/send you a slightly grainy video clip you and you're concerned if its really me asking for 50 amazon gift cards, you contact me via Channel 2.

I don't think you can easily create a product to serve this, since _prior_ is the key there, and each pair of people should have their own preferred channels, since the scheme falls apart if the faker contacts you on Channel 2 first. If anything, centralizing on that part just creates a massive vulnerability.

Just use a shibboleth with your loved ones and/or business associates.

And convince your parents to use it every time. You'll need to run drills, of course. It's going to be a lot of fun.

it's not any harder than any website login. The only thing is that this isn't available as a simple service to normal people, maybe this is a feature Facebook should offer to have more value: your kids can sign in via biometrics on their phone and then it shows their parents on their facebook account that the child used biometrics X seconds ago to provide proof of identity.

> it's not any harder than any website login

Have you ever gone though a password reset process with a bank or 401k? They can't just say "oh, you lost access to your email? sorry, your money is gone".

They rely on phone calls, documents, security questions... all things which are very susceptible to programmatic social engineering.

I dont see how it matters, this is for the usecase that there is already an established and verified account with e.g Facebook. Many betting or crypto sites do passport and video verifications, Facebook can do the same. Then all the child has to do is login via the Facebook app as usual, on iPhones via biometrics but it doesn't have to be biometrics. It can be any kind of 2fa or tripple verification. Authenticator code + email + sms + app login, simply cutting down on the likelihood that someone is a fake person. Then the parent can see which verifications were done by the child on the Facebook dashboard to see if the kid is alive and able to do verifications instead of whatever else the attacker claims. I think you meant to say that the bank verification process can be socially engineered... well first of all to actually do that you also need a lot of fake documents and expertise and the bank has to utterly fail at their job. Which hopefully prompts governments to require in person meetings at the offline location for future bank accounts.

Ive seen https://docs.worldcoin.org/id floating around hacker news recently.

This is going to shortcircuit some lightswitch brains. Coin bad. Biometric surveillance bad. Coin and biometric surveillance good??

I'd say real time video chat with pre-shared secrets, but I don't even have confidence in that any more.