Alice generates a random OTP secret and adds it to her OTP app as “Bob”.
Bob adds the same OTP secret in his app as “Alice”
To confirm the other’s identity:
Alice asks Bob for the code his app is showing under “Alice”
Alice confirms that her phone is showing the same code under “Bob”
If Bob wants proof of Alice’s identity, he can ask her for the next code to show up
I think this works similarly to your written down sentences, but you’ll never run out. It has the same problem in situations where people don’t have their stuff though (although your family is probably more likely to have their phone than a random piece of paper).
One piece of complexity is that OTP depends on the time, so if you’re sufficiently de-synchronized the numbers won’t align perfectly (although if Bob keeps reading off numbers, eventually one of them should show up on Alice’s app).
You could probably buy an already existing hardware solution for OTP. There are these small things where you press a button and the display shows a seemingly random number… and they are usually authenticated against some computer system, but I wonder if there is also an option to buy an “entangled” pair that generates the same sequence of numbers.
Then there are the scams that will pretend that you lost the OTP device. For that purpose you would need a secondary solution, but that one will be legitimately required very rarely.
You could probably use an OTP app for this.
Alice generates a random OTP secret and adds it to her OTP app as “Bob”.
Bob adds the same OTP secret in his app as “Alice”
To confirm the other’s identity:
Alice asks Bob for the code his app is showing under “Alice”
Alice confirms that her phone is showing the same code under “Bob”
If Bob wants proof of Alice’s identity, he can ask her for the next code to show up
I think this works similarly to your written down sentences, but you’ll never run out. It has the same problem in situations where people don’t have their stuff though (although your family is probably more likely to have their phone than a random piece of paper).
One piece of complexity is that OTP depends on the time, so if you’re sufficiently de-synchronized the numbers won’t align perfectly (although if Bob keeps reading off numbers, eventually one of them should show up on Alice’s app).
You could probably buy an already existing hardware solution for OTP. There are these small things where you press a button and the display shows a seemingly random number… and they are usually authenticated against some computer system, but I wonder if there is also an option to buy an “entangled” pair that generates the same sequence of numbers.
Then there are the scams that will pretend that you lost the OTP device. For that purpose you would need a secondary solution, but that one will be legitimately required very rarely.