Different initial log in and user passwords

AFAICT the password one sets for the user in System Prefs>Users and Groups for a user is utilized for initial log in to the computer, after sleep if that option is used, and for installing software and other administrative tasks.

Can one assign different passwords for those functions?

Can one have say an initial login password, but then use a different one when that same user with the same privileges does stuff like installing software?

I realize I could do stuff like log in as root, but that's not what I'm looking for.

 

Too long a story to recount here, but basically I am doing a bunch of stuff requiring that I have admin permissions to do installations and such, and yet don't wanna accidently leave the machines sitting around with root access. I thought it might be easier to just have a screen lockout password that was different so I could prevent any access, and yet not have to reenter the password over and over and over as I modify things.

Turns out I'll just change the password instead, and then change it back. Using root works, but it's easy to make a little mistake and leave something inaccessible from the regular admin account.

But this has lead me to some questions, like under what circumstances a lockout will occur in the face of a brute force attempt to crack the password.

What I think is the solution to my problem, however, is a two-factor authentication at start up, which just normal password authentication once the machine is booted. But I need something that'll work offline, so I'll start looking. Thanks.