Your TouchID equipped Mac can easily be configured to use your fingerprint to approve
Use your favorite text editor and open the file
and add the following line
auth sufficient pam_tid.so
pam_smartcard.so line as shown below and then save (Ctrl+O for
pico) the file.
$ sudo pico /etc/pam.d/sudo UW PICO 5.09 File: /etc/pam.d/sudo # sudo: auth account password session auth sufficient pam_smartcard.so auth sufficient pam_tid.so auth required pam_opendirectory.so account required pam_permit.so password required pam_deny.so session required pam_permit.so ^G Get Help ^O WriteOut ^R Read File ^Y Prev Pg ^K Cut Text ^C Cur Pos ^X Exit ^J Justify ^W Where is ^V Next Pg ^U UnCut Text^T To Spell File Name to write : /etc/pam.d/sudo ^G Get Help ^T To Files ^C Cancel TAB Complete [ Wrote 7 lines ] ^G Get Help ^O WriteOut ^R Read File ^Y Prev Pg ^K Cut Text ^C Cur Pos ^X Exit ^J Justify ^W Where is ^V Next Pg ^U UnCut Text^T To Spell
That’s it. Now when you open a new Terminal window you can use TouchID to approve sudo commands. If you also have your Apple Watch set to unlock your Mac, you will also be able to approve sudo commands by double-clicking the side button on the watch.
Keep in mind that this file is somewhat protected by macOS so after each OS update you will need to add the line to the file. Other than that, it works perfectly!