And after skimming the paper, the only thing I could find in response to your point is:
Coercion detection. Since our aim is to prevent users from effectively transmitting the ability to authenticate to others, there remains an attack where an adversary coerces a user to authenticate while they are under adversary control. It is possible to reduce the effectiveness of this technique if the system could detect if the user is under duress. Some behaviors such as timed responses to stimuli may detectably change when the user is under duress. Alternately, we might imagine other modes of detection of duress, including video monitoring, voice stress detection, and skin conductance monitoring [8, 16, 1]. The idea here would be to detect by out-of-band techniques the effects of coercion. Together with in-band detection of altered performance, we may be able to reliably detect coerced users.
In addition to what Kaj_Sotala said, there is already a much simpler, more reliable way to detect coercion on authentication: distress passwords!
It's an interesting idea, to fight the standard social engineering attempts by hiding the password from the user. In a sense, all the conscious mind gets is "********". The paper is called "Neuroscience Meets Cryptography: Designing Crypto Primitives Secure Against Rubber Hose Attacks". Here is a popular write-up and the paper PDF.
Abstract:
Cryptographic systems often rely on the secrecy of cryptographic keys given to users. Many schemes, however, cannot resist coercion attacks where the user is forcibly asked by an attacker to reveal the key. These attacks, known as rubber hose cryptanalysis, are often the easiest way to defeat cryptography. We present a defense against coercion attacks using the concept of implicit learning from cognitive psychology. Implicit learning refers to learning of patterns without any conscious knowledge of the learned pattern. We use a carefully crafted computer game to plant a secret password in the participant’s brain without the participant having any conscious knowledge of the trained password. While the planted secret can be used for authentication, the participant cannot be coerced into revealing it since he or she has no conscious knowledge of it. We performed a number of user studies using Amazon’s Mechanical Turk to verify that participants can successfully re-authenticate over time and that they are unable to reconstruct or even recognize short fragments of the planted secret.
While this approach does nothing against man-in-the-middle attacks, it can probably be evolved into a unique digital signature some day. Cheaper than a retinal scan or a fingerprint, and does not require client-side hardware.