Add Apple Watch authentication to sudo
Note: This article was written for Intel Macs (not Apple Silicon) that do not have TouchID. If you have a modern Mac, then I recommend Add TouchID authentication to sudo.
Since 1Password added Apple Watch unlock, I’ve wondered if there are other situations where I need to enter my password that could instead require a click of my Watch. I recently came across an article about how to make sudo work with Touch ID, which is nice, but my iMac Pro doesn’t have Touch ID. I went searching though and found pam-watchid!
This is a PAM module for using the Watch – exactly what I want.
- Download the latest ZIP file
- Unzip, which by default creates a folder called pam-watchid-main
- Open Terminal and install it:
  - $ cd ~/Downloads/pam-watchid-main
  - $ sudo make install
- Register the new PAM module for sudo:
  - Edit /etc/pam.d/sudo
  - Add a new line under line 1 (which is a comment) containing:
    auth sufficient pam_watchid.so
    (Leave all other lines in this file.)
That’s it. Now, whenever you use sudo, you have the option of using your Watch to authenticate.
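The /etc/pam.d/sudo edit above can be scripted so that it is repeatable and reversible. The following is an added example, not code from this post or from the pam-watchid project: the function names `add_watchid_line` and `make_sample` and the sample file contents are assumptions, and it goes slightly beyond the manual steps by skipping the edit when the rule is already present and by keeping a `.bak` copy.

```shell
#!/bin/sh
# Added example: idempotently insert the pam_watchid rule after line 1 of a
# PAM service file. Try it on a copy first, and keep a root shell open when
# changing the real /etc/pam.d/sudo so a bad edit cannot lock you out of sudo.
PAM_LINE='auth       sufficient     pam_watchid.so'

# add_watchid_line FILE: returns 0 if the rule was added or already present.
add_watchid_line() {
    file=$1
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    # Already registered (any spacing, not commented out)? Change nothing.
    if grep -Eq '^[[:space:]]*auth[[:space:]]+sufficient[[:space:]]+pam_watchid\.so' "$file"; then
        return 0
    fi
    # The instruction above relies on line 1 being a comment; verify that.
    head -n 1 "$file" | grep -q '^#' || {
        echo "line 1 of $file is not a comment; edit by hand" >&2
        return 1
    }
    cp -p "$file" "$file.bak" || return 1        # rollback copy
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    # Print every line; directly after line 1, also print the new rule.
    awk -v rule="$PAM_LINE" '{ print } NR == 1 { print rule }' "$file" > "$tmp" \
        && cat "$tmp" > "$file"                  # cat keeps owner and mode
    status=$?
    rm -f "$tmp"
    return $status
}

# Constructed sample that resembles a sudo PAM file (not read from /etc).
make_sample() {
    cat > "$1" <<'EOF'
# sudo: auth account password session
auth       sufficient     pam_smartcard.so
auth       required       pam_opendirectory.so
account    required       pam_permit.so
EOF
}

# Demo on the constructed sample only; nothing under /etc is touched.
demo_dir=$(mktemp -d) && make_sample "$demo_dir/sudo" \
    && add_watchid_line "$demo_dir/sudo" && cat "$demo_dir/sudo"
rm -rf "$demo_dir"
```

Because the rule is `sufficient` and sits first in the auth stack, a successful Watch approval completes authentication, while a failure falls through to the password rules on the remaining lines.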