Using TouchID for sudo in the terminal on Mac
TIL · 2023-01-23
Anyone who regularly works in the terminal will type sudo dozens of times a day. By default, macOS then asks for your password. You can authenticate with TouchID instead, which is a lot faster and just as secure.
Method 1 - sudo_local (macOS Ventura and newer, recommended)
Starting with macOS Ventura, Apple has added a file specifically for local PAM modifications: /etc/pam.d/sudo_local. The advantage: this file is not overwritten during a macOS update, unlike the older method.
Create the file if it does not already exist:
sudo nano /etc/pam.d/sudo_local
Add this line:
auth sufficient pam_tid.so
Save with Control + X → Y → Enter. No restart required.
Method 2 - /etc/pam.d/sudo (macOS Monterey and older)
Open the file:
sudo nano /etc/pam.d/sudo
Insert this line at the top, directly after the first comment line:
auth sufficient pam_tid.so
Note: a macOS update may reset this file. Use Method 1 if you have macOS Ventura or newer.
Then run a sudo command - instead of a password prompt, the TouchID popup appears.
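To confirm the edit took effect (for example after a macOS update may have reset /etc/pam.d/sudo), the following added example, which is not part of the original post, audits a PAM file for the line used in both methods. The function name check_touchid_pam and its return codes are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not from the original post.
# check_touchid_pam FILE (hypothetical helper) returns:
#   0  an active "auth sufficient pam_tid.so" line is the first active auth entry
#   1  no active pam_tid.so auth line (file unreadable, line missing or commented out)
#   2  the line exists but another auth entry comes before it, i.e. it is not
#      "at the top" as Method 2 instructs
check_touchid_pam() {
    [ -r "$1" ] || return 1
    awk '
        NF == 0 || $1 ~ /^#/ { next }   # skip blank lines and comments
        $1 != "auth"         { next }   # only the auth stack is relevant here
        $2 == "sufficient" && $3 == "pam_tid.so" { found = 1; exit }
        { earlier = 1 }                 # some other auth entry precedes pam_tid.so
        END {
            if (!found)  exit 1
            if (earlier) exit 2
            exit 0
        }
    ' "$1"
}

# Report on the two files named in Method 1 and Method 2, if they exist.
for f in /etc/pam.d/sudo_local /etc/pam.d/sudo; do
    [ -e "$f" ] || continue
    rc=0
    check_touchid_pam "$f" || rc=$?
    case "$rc" in
        0) echo "$f: TouchID line active and first in the auth stack" ;;
        1) echo "$f: no active pam_tid.so auth line" ;;
        2) echo "$f: pam_tid.so present but not first in the auth stack" ;;
    esac
done
```

sudo caches a successful authentication for a short time, so run sudo -k before testing to force a fresh prompt.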