Enable Touch ID for sudo on macOS

Since macOS Sonoma, there is an official way to enable Touch ID for sudo that survives OS updates via /etc/pam.d/sudo_local.¹

Run this single command to apply it:

sed "s/^#auth/auth/" /etc/pam.d/sudo_local.template | sudo tee /etc/pam.d/sudo_local

This copies the system-provided template and uncomments the pam_tid.so line in one step. The resulting file looks like:

# sudo_local: local config file which survives system update and is included for sudo
# uncomment following line to enable Touch ID for sudo
auth       sufficient     pam_tid.so

Open a new terminal and sudo will prompt for Touch ID.