In Mojave the user password is used to unlock both the user account and the FileVault disk.
In High Sierra one could set up a separate password for FileVault and not allow users the ability to unlock the disk.
This had the benefit that, in the case of a stolen laptop that is shut down, even if the attacker had the user's password they could not decrypt the disk.
Has anyone found a solution in Mojave to have different passwords for the user and for FileVault?
This is pretty essential. Look at macOS password-on-forwarding attacks to research more. If your threat model includes an adversary who may wish to detain you and obtain the contents of your HDD in a decrypted state, then you need to take the following measures.

Create 3 accounts:

1. Admin (only used to unlock the FileVault disk; the account is never used for other purposes)
2. Admin #2 (used to perform admin functions)
3. User account

Once you have created the three accounts you need to use `sysadminctl` to remove the SecureTokens from account #2 and account #3.
The result is that only account #1 can authenticate and unlock FileVault. Outside of the BA environment you never use your account #1 password.
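The three-account layout above, as an added example script that is not part of this issue or its comments. It assumes macOS 10.13 or later, where `sysadminctl -secureTokenOff` / `-secureTokenStatus` and `fdesetup list` / `fdesetup remove -user` exist, and uses placeholder account names (`fv-unlock`, `admin2`, `user`); the `run` wrapper, `only_unlock_admin_listed` and `token_is_disabled` helpers are this example's own. It defaults to printing the commands rather than running them, and the verification step parses the tool output so you can confirm that only account #1 can still unlock the volume.

```shell
#!/bin/sh
# Added example: strip SecureTokens from the two working accounts so that only
# the dedicated unlock admin (account #1) can unlock FileVault, then verify.
# Run as root on the Mac itself. DRY_RUN=1 (the default) only prints commands.

UNLOCK_ADMIN="${UNLOCK_ADMIN:-fv-unlock}"   # account #1: keeps the only SecureToken (placeholder name)
WORK_ADMIN="${WORK_ADMIN:-admin2}"          # account #2: day-to-day admin work (placeholder name)
USER_ACCOUNT="${USER_ACCOUNT:-user}"        # account #3: standard user (placeholder name)
DRY_RUN="${DRY_RUN:-1}"

# Print or execute a command. Passwords are passed as "-" below so that
# sysadminctl prompts for them instead of leaving them in shell history.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf 'would run: %s\n' "$*"
    else
        "$@"
    fi
}

# Remove the SecureToken from accounts #2 and #3, authorising with account #1,
# and make sure neither remains in the FileVault unlock list.
strip_tokens() {
    for acct in "$WORK_ADMIN" "$USER_ACCOUNT"; do
        run sysadminctl -secureTokenOff "$acct" -password - \
            -adminUser "$UNLOCK_ADMIN" -adminPassword -
        run fdesetup remove -user "$acct"
    done
}

# Given the text printed by `fdesetup list` (one "name,UUID" per line),
# succeed only if the unlock admin is the sole FileVault-enabled user.
only_unlock_admin_listed() {
    printf '%s\n' "$1" | awk -F, -v want="$UNLOCK_ADMIN" '
        NF >= 2 { n++; if ($1 != want) bad++ }
        END { exit (n == 1 && bad == 0) ? 0 : 1 }'
}

# Given the line printed by `sysadminctl -secureTokenStatus <user>`,
# succeed only if the token is reported as DISABLED.
token_is_disabled() {
    case "$1" in
        *"Secure token is DISABLED"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Check the live system state after strip_tokens has been applied.
verify() {
    for acct in "$WORK_ADMIN" "$USER_ACCOUNT"; do
        # sysadminctl reports status on stderr, hence 2>&1
        if ! token_is_disabled "$(sysadminctl -secureTokenStatus "$acct" 2>&1)"; then
            echo "FAIL: $acct still holds a SecureToken" >&2
            return 1
        fi
    done
    if ! only_unlock_admin_listed "$(fdesetup list)"; then
        echo "FAIL: fdesetup list shows accounts other than $UNLOCK_ADMIN" >&2
        return 1
    fi
    echo "OK: only $UNLOCK_ADMIN can unlock FileVault"
}

case "${1:-}" in
    --plan)  strip_tokens ;;                     # print the commands only
    --apply) DRY_RUN=0; strip_tokens && verify ;; # really run them, then verify
esac
```

Run `sh fv-split.sh --plan` first to review the exact commands, then `sudo sh fv-split.sh --apply`. Keep in mind that once accounts #2 and #3 have no SecureToken they cannot re-enable FileVault or regain a token without account #1's credentials, which is exactly the property the comment is after, so store the account #1 password somewhere you can reach when the machine is powered off.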