The obvious thing is that SEED+password must be hidden behind the second PIN. Make it 12 digits long and leave 3 valid attempts to enter it, and I am sure no one will pass through the barrier.
[...]
I have a 20-character-long password, and besides the burden of entering it each time, this is one more point of frustration for me when even a single wrong character infiltrates the typing.
Why don't you just use a 12-digit numeric passphrase then?
A 12-digit numeric passphrase is not equal to a mix of 20 characters consisting of digits, caps, small letters and special characters.
Personally, I find the Passport keypads and form factor very comfortable for entering even long PINs and passphrases, so I like the current implementation.
My experience with Passport is not as long as yours. Only two days have passed since the moment when I got it into my hands.
First impressions.
The form factor is good, but surely not for frequent travelers like me who have to pass through customs borders a few times a month; I am still afraid of customs controls. I would prefer to have it not even in the form of an old-style cell phone. Maybe something like an ordinary calculator with in-front functions to calculate would be better to disguise the real thing, who knows.
I have gradually begun to adapt myself to their implementation of the password feature and see at least one positive point in entering the password each time after rebooting, namely, such a procedure will firmly stamp that password into my memory.
If we now start implementing what's basically a PIN-based passphrase 'bypass', suddenly something built into Bitcoin that is universally seen as a very strong extra layer of security may suddenly be quite insecure, depending on the wallet implementation used. One wallet may allow you to bypass / 'unlock' the passphrase through a simple numeric 4-digit PIN, another may require you to enter it completely, and so on.
No one prohibits Foundation from implementing a PIN-based passphrase 'bypass' option alongside the already existing one-time passphrase choice. So, what you said is not really an argument.
I like the current implementation.
Their client base is wider than a single person.