This isn't a terrible idea, it's a form of multifactor auth. The problem is a lot of players are just going to enter 123456 for the pin, and still get their stuff compromised because it's a pain to remember.
then it's people's problem that they create such easy PIN