Any password that you give out will be stolen; that's why "let's have a special secondary password" doesn't solve much. There are now passwordless ways to authenticate, authorize, prove identity, make payments, etc. so that's what we should be suggesting.
Apple Pay is technically trying to solve this problem by providing one-time authentication keys for a specific transaction at time of payment. This sort of key can not be reused in another transaction... What exactly do you mean with other passwordless ways?