Use Touch ID for sudo on Mac

By  on  

The landscape of security is changing quite a bit. We've gone from basic username and password to 2FA, facial recognition, fingerprint recognition, and so on. Hell, my Mac unlocks simply when I have my Apple Watch near by. In the end, I probably use the Mac fingerprint key the most.

One functionality that still requires manually typing a password is using sudo from command line. Did you know, however, that you can instead require the fingerprint key instead of typing out your password?

# Open the sudo utility
sudo vi /etc/pam.d/sudo

# Add the following as the first line
auth sufficient pam_tid.so

Whether or not you'd prefer to type it out or simply use the fingerprint is obviously personal preference. Since you expect to be be typing in a command line, moving your finger to touch the key is probably not very efficient. If you do want to use fingerprint, however, here you go!

Recent Features

  • By
    5 Ways that CSS and JavaScript Interact That You May Not Know About

    CSS and JavaScript:  the lines seemingly get blurred by each browser release.  They have always done a very different job but in the end they are both front-end technologies so they need do need to work closely.  We have our .js files and our .css, but...

  • By
    Create a CSS Flipping Animation

    CSS animations are a lot of fun; the beauty of them is that through many simple properties, you can create anything from an elegant fade in to a WTF-Pixar-would-be-proud effect. One CSS effect somewhere in between is the CSS flip effect, whereby there's...

Incredible Demos

  • By
    MooTools Text Flipping

    There are lots and lots of useless but fun JavaScript techniques out there. This is another one of them. One popular April Fools joke I quickly got tired of was websites transforming their text upside down. I found a jQuery Plugin by Paul...

  • By
    Six Degrees of Kevin Bacon Using MooTools 1.2

    As you can probably tell, I try to mix some fun in with my MooTools madness but I also try to make my examples as practical as possible. Well...this may not be one of those times. I love movies and useless movie trivia so naturally I'm...

Discussion

  1. Luka

    First you need to make the file writable (it is not by default). And you need to do this after every macOS update, because macOS updates reset the file content.

  2. Yohann Paris

    Nice trick. Unfortunately, on Big Sur, at least, it pops up the touch id alert to use it only when the session is terminated, so it’s not useful.

  3. Mehdi Abbassi

    But it is read-only!

  4. Robert Coggeshall

    As the co-author of sudo, I am amused :)

  5. No need to make it writable when editing it with vi, you just add a ! to the save and exit command (:wq!) and it will save it corectly – it will even preserve the read only state of the file.

    Works nicely on Big Sur for me, it pops up the touch id alert, I touch and sudo all the things =)

  6. Is there a way to make sudo work with the Apple Watch as well?

Wrap your code in <pre class="{language}"></pre> tags, link to a GitHub gist, JSFiddle fiddle, or CodePen pen to embed!