• Firstly, if you have arrived at the point where you need a duress password, your physical security is already compromised.

    Secondly, before going down this road, it would be worth considering what proportion of security breaches are due to passwords extracted under duress. I have no data but suspect intuitively that it is extremely small.

    Thirdly, I would advocate making a duress password completely different to the proper one, and as hopefully it would be used infrequently, it should not change so often as regular passwords.

    It would be important to consider how the system should respond to the entry of a duress password. It may be only a few minutes before the attacker realises the access gained is not full access, at which point the life of the employee under duress may be at risk. The response to a covert emergency alert needs to be in this kind of timescale.