Need to move to digital certs and pin numbers.
But if their is a backdoor that will do you no good.
More than anything, companies need to do what we did at cisco: use an electronic one-time pad that you carry with you at all times. Every password you ever use is “burned” as soon as you use it.
Employees have to keep the OTP card with them at all times, lest they not be able to log into anything.
Other than that inconvenience, it works pretty well.