Those devices are still in place but are often smartphone apps now. We use RSA’s product for this very thing, but there are plenty of vendors that do the same.
I’m an advocate for certificate-based authentication where a corporation sets up a robust PKI environment in-house and administers user- and device-level certification authentication for everything. It’s seamless to the user, but it prevents unauthorized access. Sadly, most corporations don’t have the brain- or man-power to put these systems into place.
I’ve done it for my personal home network, and it took me almost a week to tweak it to my liking. A corporate environment takes much more time and effort.
My son had a similar keychain device to access his account at a govt research lab. I’ll have to check to see what they use now.