Read up on the documentation for the filter login_redirect
And also see the answer to this question already answered
I’m not totally sure what you are trying to do with the PIN – is that sent to the user via text/email or displayed on the page?
Either way, the page you redirect to would need to generate the PIN, store it in a (custom) table, then when the user enters the PIN, check the (custom) table on form submission, and then redirect to the page you want them to go after that.