Deleting locksettings.db certainly bailed me out when I wasn't able to unlock my phone even with a correct PIN. However, I must also ask myself then how we can secure our phones. In the wrong hands, a thief can delete this file too to unlock!
Others have mentioned the key is to get into TWRP and therefore, one can simply put a password on TWRP. Sorry, I went through the settings of TWRP, but I couldn't find a place where I can set a password for it! If this is about Secure Startup, that is device/ROM dependent. I have a Samsung S4 on stock ROM and can't figure out how to do it. If anyone knows, please share.
Now my last problem is I simply can't set a PIN anymore! It always complains that it is incorrect and that takes me back to square one to delete the locksettings.db. I know it is likely related to a dirty flash (After dropping in a circuit board for GT-I9505 to replace the dead one for SGH-I337M, I wiped clean my phone and Odin'ed stock ROM for GT-I9505. Then I restored my old DATA partition from my TWRP backup, created when the phone was still an SGH-I337M, because reinstalling everything is simply too painful with 100+ apps. GT-I9505 and SGH-I337M are different variants of S4. The main circuit boards are supposed to be interchangeable, but I am sure Samsung has burned some codes to them to differentiate the 2. For example, when I tried to Odin I337M ROM to an I9505 board, it would be rejected even though both boards have unlocked bootloaders). Is there any way to set a PIN after a dirty flash?
[Update Oct 25th, 2020: I am able to set a PIN and my phone doesn't reject it as incorrect anymore! Go to Settings -> Security -> Clear credentials to wipe out whatever the old junk is! I assume you only need to do this if you dirty flashed as I did.]