Turns out it’s possible to authenticate with sudo using Touch ID, as per this (old) tweet by Cabel:
Pro MacBook Pro Tip: have a Touch Bar with Touch ID? If you edit /etc/pam.d/sudo and add the following line to the top…
auth sufficient pam_tid.so
…you can now use your fingerprint to sudo!
— Cabel (@cabel) November 16, 2017
Note that this will work against when SSH’ing into your machine, and then trying to run sudo
:
(Important caveat/warning: if you SSH into that machine, you will NOT be able to sudo, as your fingerprint cannot travel through SSH. 😜)
— Cabel (@cabel) November 16, 2017
If you set this up, do realize that anyone who can access your account using their finger (*) can now also do wrong things.
~
(*) It’s possible to add more than one fingerprint to Touch ID.
#macOS Tip: You can add extra fingerprints to Touch ID
☝️ I've added both my index fingers. I can unlock with left while my right hand is resting on the mouse
👨👩👧👦 They don't need to be your fingerprints. One could add the family's fingerprints
📱 Also works on iOS pic.twitter.com/qPPOU43SmO
— Bramus! (@bramus) June 11, 2020
In addition to my 2 index fingers, my wife can also access my computer using Touch ID.