For 6 digits, I would say that someone who knows what was clicked will have 64 possibilities, only 1 of which is the actual PIN. It's 2^n where n=length of PIN.
Actually, I was asking how many sessions an attacker would have to log to be able to crack the PIN code exactly, with one or two chances, at max.
As a rough guess, a 6 PIN code can be cracked if an attacker has 10 - 30 sessions logged to study for patterns.
So, I think this idea don't work (a virtual keyboard with dual random numeric characters) well enough, because it will be only a matter of time...
Problem with encrypting wallet is that the user can take millions of guesses a second if they have stolen a copy of if off your computer.
So password needs to be much longer.
That's right, edited.
The reason it works for your bank is that if you get it wrong 3 times they lock your account. So the criminal has little chance of get through.
And you have to go there
in person to reactivate it. This idea won't even works for online wallets, since the semi anonymous feature is inherent in the bitcoin's system, unless you prefer to identify yourself (not so much of a concern for some folks).
Heavily edited the head of the original post. This
only neither works well with physical banks (because of the "10-30 sessions logged pattern recognition" problem)!