TheUnknownBlog

If you spend any amount of time in the macOS Terminal, you know the drill. You type a command with sudo, press Enter, type your long, secure password for the tenth time today, and think, “There has to be a better way.”

There is. And it’s right at your fingertips. It’s a simple, reversible, and game-changing tweak that you’ll appreciate every single day.

How It Works (The Quick Version)

macOS uses a flexible system called PAM (Pluggable Authentication Modules) to handle authentication. All we’re going to do is edit the configuration file for sudo to tell it: “Hey, before you ask for a password, just check for a valid fingerprint from Touch ID first. If that works, we’re good to go.”

The 2-Minute Setup Guide

Step 1: Open the Terminal

You can find it in Applications/Utilities or just search for it with Spotlight (⌘ + Space).

Step 2: Open the PAM Configuration File

We need to edit a protected system file, so we’ll use the simple command-line editor nano with sudo privileges. Copy and paste the following command and press Enter. It will ask for your password (likely for the last time!).

```bash
sudo nano /etc/pam.d/sudo
```

The nano editor will open inside your Terminal window. You’ll see a few lines of configuration text.

The most important part is getting this next step right. On a new line right after the first commented line (the one starting with #), add the following:

```plaintext
auth       sufficient     pam_tid.so
```

Make sure it is the very first active rule. For my system, the file looks like this after the edit:

```plaintext
# sudo: auth account password session

auth       sufficient     pam_tid.so   # <-- This is the line we added
auth       include        sudo_local
auth       sufficient     pam_smartcard.so
auth       required       pam_opendirectory.so
account    required       pam_permit.so
password   required       pam_deny.so
session    required       pam_permit.so
```

The keyword sufficient is what makes this work. It tells the system that if Touch ID authentication succeeds, it’s enough to grant permission, and no other authentication methods (like your password) are needed.

Step 3: Save and Exit

  1. Press Control + O to Write Out (save) the file.
  2. Press Enter to confirm the filename.
  3. Press Control + X to exit nano and return to your prompt.

Time to Test It!

For the change to take effect, you must open a new Terminal window or tab.

In your new Terminal session, type a simple sudo command, like:

```bash
sudo ls
```

Instead of a password prompt, you should be greeted by a Touch ID verification pop-up. Place your finger on the sensor, and your command will run. Welcome to the good life.

Good to Know

  • How do I undo this? Simply edit the /etc/pam.d/sudo file again and delete the auth sufficient pam_tid.so line you added.
  • What if it still asks for my password? You likely put the new line in the wrong place. Go back to Step 2 and make absolutely sure it’s the first non-commented line in the file.
  • What about macOS updates? Major system updates can sometimes overwrite this file, reverting it to the default. If Touch ID suddenly stops working for sudo after an update, just repeat these steps.
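
To check the placement without opening the editor, or to confirm after a macOS update that the line is still there, a read-only script can report whether pam_tid.so is the first active rule. This is an added example, not part of the original post; the function names active_rules and tid_status and the sample file are constructed for illustration.

```bash
#!/bin/sh
# Added example: read-only check of where pam_tid.so sits in a sudo PAM file.

# Print the active rules: comments and blank lines dropped, spacing squeezed.
active_rules() {
    awk '{ sub(/#.*/, "") } NF { $1 = $1; print }' "$1"
}

# Print ok | misplaced | not-sufficient | missing for the given PAM file.
tid_status() {
    active_rules "$1" | awk '
        $1 == "auth" && $3 == "pam_tid.so" {
            if ($2 != "sufficient") s = "not-sufficient"
            else if (n == 0)        s = "ok"         # first active rule
            else                    s = "misplaced"  # another rule runs first
            found = 1; exit
        }
        { n++ }
        END { print (found ? s : "missing") }'
}

# Constructed sample that mirrors the edited file shown in Step 2.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# sudo: auth account password session
auth       sufficient     pam_tid.so   # added line
auth       include        sudo_local
auth       required       pam_opendirectory.so
EOF
echo "sample file: $(tid_status "$sample")"
rm -f "$sample"

# Check the real file when it exists and is readable.
if [ -r /etc/pam.d/sudo ]; then
    echo "/etc/pam.d/sudo: $(tid_status /etc/pam.d/sudo)"
fi
```

A result of missing after a system update means the file was reset to its default; misplaced means another active rule comes before the Touch ID line.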

That’s it! Enjoy the precious seconds you’ve reclaimed. Happy coding! 👍

A Simple Hack to Use Touch ID for sudo on macOS
https://theunknownth.ing/blog/touchid-sudo
Author TheUnknownThing
Published at September 6, 2025