Table of Contents:

Sudo with Touch ID on the macOS Terminal


I am lazy. Need I say more?

Listen, this is not a major thing, but I use sudo extensively. Therefore typing my password over and over again gets tedious at some point.

Lucky for me there is a solution…

Touch ID as an authentication method for sudo was at least envisioned by apple as it seems. However it is deactivated by default.


The file /etc/pam.d/sudo contains the authentication methods and rule sets for sudo on the command line.

All that remains is adding auth sufficient at the beginning of the file. You will require sudo permissions to be able to write to the file.

# sudo: auth account password session
auth       sufficient # new line
auth       required
account    required
password   required
session    required

Bonus: This works for all of the sudo prompts in my Emacs as well.

Be advised:

You are messing with permission escalation here. Do be aware of the risks involved here. Read up if necessary.


This works with all the Terminal emulators, that I have used so far (Terminal, Kitty, Alacritty,…) out of the box.

However iTerm2 seems to be a diva in that regard. Meaning, that it needs more settings to go along. This is illustrated in this GitLab issue.

  • Go to Preferences > Advanced
  • Search for Allow sessions to survive after logging out and back in
  • Select “No” in the drop-down.