Add Apple Watch authentication to sudo

Since 1Password added Apple Watch unlock I’ve wondered if there are other situations when I need to enter my password where it instead require a click of my Watch instead. I recently came across an article about how to make sudo work with Touch ID, which is nice, but my iMac Pro doesn’t have Touch ID. I went searching though and found pam-watchid!

This is a PAM module for using the Watch – exactly what I want.

It’s Open Source, so you compile it yourself as per the README, so make sure you have Xcode or the Xcode Command Line Tools installed:

Download the latest ZIP file

Unzip, which by default creates a folder called pam-watchid-main

Open Terminal and install it:

$ cd ~/Downloads/pam-watchid-main
$ sudo make install

Regsiter the new PAM module for sudo:

Edit /etc/pam.d/sudo

Add a new line under line 1 (which is a comment) containing:
auth sufficient pam_watchid.so

(Leave all other lines in this file.)

That’s it. Now, whenever you use sudo, you have the option of using your Watch to authenticate.

Flatlogic Admin Templates banner

Leave a Reply

Your email address will not be published. Required fields are marked *