You can setup a separated account with a long password on MacOS and remove your user account from accounts that can unlock FileVault. Then you can change your account to use a short password. You can also change various settings regarding how long Mac has to sleep before requiring to unlock FileVault.

I didn’t understand how a user that cannot unlock FileVault helps. Can you please elaborate on this setup? Thanks.

With that setup on boot or after a long sleep one first must log in into an account with longer password. Then one logs out of that and switches to the primary account with a short password.

As another alternative, rather than using Touch ID you can setup a Yubikey or similar hardware key for login to macOS. Then your login does indeed become a PIN with 3 tries before lockout. That plus a complex password is pretty convenient but not biometric. It's what I've done for a long time on my desktop devices.

I often see people use a "pin" on Windows and I never got it. What is the purpose of a pin makes it different from a password?

PIN numbers are easier to remember. Remember, 99% of the population does not care about defense against state actors, just stopping nosy co-workers or family members from looking at their stuff. The next group (which I would include myself in) is concerned about theft (both physical and remote), where someone can get "unlimited" access to your machine and may be able to defeat a short PIN but is unlikely to beat a strong password. If you are in the realm of defending against state actors, then that is something you have to take multiple steps to ensure, and a single slip-up will tank your operation (like with this lady).

Wait, wasn’t touch id phased out together with the intel touch bar macbooks? I’ve never used anything but a long password to unlock.

No, it's been part of the power button since then.

On my Macbook Pro, I usually need to use both touch and a password but that might be only when some hours have passed between log ins.

You can script a time out if desired.

uhm, are you saying its not possible to require an actual password to unlock osx?

My guess is they want to have a PIN as a short-term credential analogous to the Touch ID, that is, it only works for X hours per password auth before needing password auth again, and then you only get X tries on the PIN before it either locks the PIN out and you need the full password to reactivate it (or I guess it could wipe the laptop à la iPhone).

> uhm, are you saying its not possible to require an actual password to unlock osx?

uhm, are saying that i'm saying that? if so, please show me where i said that. thank you

no, thats why i was asking, as i was not fully sure what you meant

what im saying is that i dont want to type in a long ass password all the time

and biometrics have "legal problems" as stated above

a pin or allowing touchid to automatically be disabled after a period of time or computer movement ("please enter password to login") would be greatly appreciated

as it stands now, i have biometrics disabled.

seems reasonable