A Pluggable Authentication Module (PAM) which allows the establishment of alternate passwords that can be used to perform actions to clear sensitive data, notify IT/Security staff, close off sensitive network connections, etc if a user is coerced into giving a threat actor a password.
Why do you think that https://github.com/YuriyGuts/persistent-touch-id-sudo is a good alternative to pam-duress