You can setup a separated account with a long password on MacOS and remove your user account from accounts that can unlock FileVault. Then you can change your account to use a short password. You can also change various settings regarding how long Mac has to sleep before requiring to unlock FileVault.
replyI didn’t understand how a user that cannot unlock FileVault helps. Can you please elaborate on this setup? Thanks.
replyWith that setup on boot or after a long sleep one first must log in into an account with longer password. Then one logs out of that and switches to the primary account with a short password.
replyAs another alternative, rather than using Touch ID you can setup a Yubikey or similar hardware key for login to macOS. Then your login does indeed become a PIN with 3 tries before lockout. That plus a complex password is pretty convenient but not biometric. It's what I've done for a long time on my desktop devices.
replyWait, wasn’t touch id phased out together with the intel touch bar macbooks? I’ve never used anything but a long password to unlock.
replyNo, it's been part of the power button since then.
replyOn my Macbook Pro, I usually need to use both touch and a password but that might be only when some hours have passed between log ins.
replyYou can script a time out if desired.
replyuhm, are you saying its not possible to require an actual password to unlock osx?
replyMy guess is they want to have a PIN as a short-term credential analogous to the Touch ID, that is, it only works for X hours per password auth before needing password auth again, and then you only get X tries on the PIN before it either locks the PIN out and you need the full password to reactivate it (or I guess it could wipe the laptop à la iPhone).
reply