The procedure is:
1. Kid tells password to parent in person. 2. From then on: when kid calls parent, if kid requests anything sensitive, parent ask for the password, and kid must provide it. 3. Password is never mentioned over the phone in any other situation.
How would anyone be able to extract the password from the kid?
"Oh my gosh Dad/Son! You know we have a password for that!"
"Yes -- actually, use it now so WE BOTH KNOW YOU'RE NOT A SCAM!"
"Sure, Dad/Son! It's DOUBLE CHEESEBURGER!"
"Thanks!"
“Grandma the password is ‘Integra’ but I can just tell you now, it’s not me calling you, it must be a sca—“
“Thanks got it byeeeeee” <scammer calls grandma>