I would like to setup a 2FA prompt for every time I startup my iMac, which is in a shared workspace. This would prevent someone who has my password from starting-up my iMac, decrypting FileVault, and logging in to my machine. I'm surprised at how hard it is to find a 2FA login solution. Does MacOs prevent the use of 2FA after startup because only a password can be used to decrypt FileVault? I prefer to shut down my machine when I leave the office so that my hard drive is encrypted, so just leaving it running at the login prompt is not a good solution for me. My preferred solution would be to add a 2FA code to my Google Authenticator app on my iPhone. I did discover something called SAASPASS that looks like it may offer what I am looking for? Is a Yubikey an option? Pros/cons of different solutions? I'm surprised 2FA for FileVault isn't an option that's already baked into MacOS given Apple's growing security orientation, or more widely requested. Any thoughts on why? I'm willing to pay a modest sum for this security, but free would be preferable. Thanks.