*** Welcome to piglix ***

Duress code


A duress code is a covert distress signal used by an individual who is being coerced by one or more hostile persons. It is used to warn others that they are being forced to do something against their will. Typically, the warning is given via some innocuous signal embedded in normal communication, such as a code-word or phrase spoken during conversation to alert other personnel. Alternatively, the signal may be incorporated into the authentication process itself, typically in the form of a panic password, distress password, or duress PIN that is distinct from the user's normal password or PIN. These concepts are related to a panic alarm and often achieve the same outcome.

Some home and property alarm systems have duress PINs, where the last two digits of the reset code are switched around. Entering the code when under duress from an assailant can trigger a silent alarm, alerting police or security personnel in a covert manner. The implementation of this feature has not been without controversy, as it has been claimed to lead to false alarms. A similar mechanism, SafetyPIN, has been proposed for use in ATMs. In 2010, the Federal Trade Commission issued a report studying the viability of such mechanisms for ATMs. They noted duress PINs have never been actually implemented in any ATM, and conclude that the costs of deployment outweighs the likelihood they will actually deter criminal activity.

When a duress PIN is used to trigger a silent alarm, an adversary can always request the PIN in advance and ensure the appropriately modified PIN is entered instead. If the adversary does not know which PIN is correct, they may choose randomly between the two possible codes allowing them to succeed half of the time.

In scenarios where a panic password is used to limit access control, instead of triggering an alarm, it is insufficient to have a single panic password. If the adversary knows the system, a common assumption, then he will simply force the user to authenticate twice using different passwords and gain access on at least one of the two attempts. More complex panic password schemes have been proposed to address this problem.

For cases where verbal communication (e.g. via cell phone) is possible with family member or friend, a covert phrase can be used to signal duress. In the slim chance that a captor allows the person in duress to use their cell phone (e.g. to obtain a PIN), there is a limited opportunity to use a duress code. Because conversations are often being monitored by a captor, they must be subtle and short. Ideally, the use of a duress code has been confirmed before the current situation, so the family member or friend has verifiable evidence that something is wrong, and when the authorities are notified aren't just limited to speculation. Examples would include asking about someone (or something) who does not exist. For example, a person might use "What is Cindy barking at?" if she knows that either the dog has a different name or that there is no dog. Another example, which is also an widely shared urban legend, would be a person calling 911 for help and pretending to order pizza delivery


...
Wikipedia

...