Some applications where security when logging in/unlocking is crucial have their keyboards characters position randomized. This helps to prevent keyloggers or screen recordings where the attacker can identify the position of the characters pressed by the user and deduce his PIN, since the characters randomly change positions on the keyboard everytime the user gets the unlock screen.
Some crypto wallets like Trezor, Ledger and Samourai have the higgest security standarts. After all, they are used for self-custody of users funds.
I think these wallets can be used as a guideline for devs, the same way some of Lastpass or 1password features were adopted in Bitwarden. They should follow their best practices (like plausible deniability), they have good stuff there that can be used to build -an even better - product.