I don't see the problem here. Yes, you have a, say, 5-digit code, that gives you 100000 possible combinations which a would-be attacker would need to try, physically, one after the other (using whatever order).

It's not like the phone keypad and screen can be remotely unlocked or anything.