This is called 2-factor authentication, and it is MUCH more secure than a single password of any length or complexity.
You can enable it on Gmail, Yahoo, and iCloud. Each uses a slightly different method to generate and convey the second password.
RSA - the company - has these tokens.
They were hacked a couple of years ago, though they seem to have recovered.