Controlling Touch ID and Password Timeout on macOS

Ever wondered how to adjust the time window before your Mac demands a password again after using Touch ID? Here’s how to configure these settings from the terminal.

Screen Lock Password Delay

The most common scenario is controlling how long after your screen locks a password is required. This setting determines whether Touch ID alone can unlock your Mac or whether you need to type your password.

# Set delay in seconds (0 = immediately, 300 = 5 minutes)
defaults write com.apple.screensaver askForPasswordDelay -int 0

To check your current setting:

defaults read com.apple.screensaver askForPasswordDelay

Sudo Command Timeout

If you’re specifically dealing with sudo commands in the terminal, the timeout is controlled via the sudoers file:

sudo visudo

Add or modify this line:

Defaults timestamp_timeout=30

The value is in minutes. Notable options:

  • 0 requires authentication every single time
  • -1 never times out (use with caution)
  • Any positive number sets the timeout in minutes

Touch ID for Sudo

While you’re tweaking sudo settings, you might also want to enable Touch ID for sudo commands. Add this line to the top of your sudoers file:

auth sufficient pam_tid.so

Or create a dedicated file:

sudo nano /etc/pam.d/sudo_local

Add:

auth sufficient pam_tid.so

Important Notes

  • The screen lock setting requires a logout or restart to take effect
  • Be cautious with sudo timeout changes on shared machines
  • macOS may override some settings after major updates, so check these periodically
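
The notes above recommend checking these settings periodically. As an added example (not code from the original post), this read-only script classifies a sudoers timestamp_timeout value and an askForPasswordDelay value; the limits MAX_SUDO_MIN and MAX_LOCK_SEC, the function names and the sample sudoers text are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: read-only audit of the two timeouts covered above.
# MAX_SUDO_MIN and MAX_LOCK_SEC are assumed policy limits, not macOS defaults.
MAX_SUDO_MIN=15
MAX_LOCK_SEC=5

# Print the last timestamp_timeout set by an active Defaults line in the
# sudoers text on stdin (later lines override earlier ones), or "unset".
# Included files and per-user/host scoping are not resolved here.
sudo_timeout_value() {
    v=$(sed -n 's/^[[:space:]]*Defaults[^#]*timestamp_timeout[[:space:]]*=[[:space:]]*\(-\{0,1\}[0-9.]\{1,\}\).*/\1/p' | tail -n 1)
    echo "${v:-unset}"
}

# Classify a timestamp_timeout value (minutes) as OK, WARN or FAIL.
classify_sudo_timeout() {
    case "$1" in
        unset) echo "OK"; return ;;      # sudo's built-in default applies
        -*)    echo "FAIL"; return ;;    # negative: credentials never expire
    esac
    awk -v v="$1" -v max="$MAX_SUDO_MIN" \
        'BEGIN { if (v + 0 > max + 0) print "WARN"; else print "OK" }'
}

# Classify an askForPasswordDelay value (seconds); empty means the key is unset.
classify_lock_delay() {
    case "$1" in
        '')       echo "UNSET" ;;
        *[!0-9]*) echo "INVALID" ;;
        *) if [ "$1" -gt "$MAX_LOCK_SEC" ]; then echo "WARN"; else echo "OK"; fi ;;
    esac
}

# Constructed sample sudoers text: a commented-out line, then active ones.
SAMPLE_SUDOERS='# Defaults timestamp_timeout=0
Defaults env_reset
Defaults timestamp_timeout=30
Defaults:admin timestamp_timeout = -1'

t=$(printf '%s\n' "$SAMPLE_SUDOERS" | sudo_timeout_value)
echo "sudo timestamp_timeout: $t -> $(classify_sudo_timeout "$t")"
echo "lock delay 300s -> $(classify_lock_delay 300)"

# Live use on macOS (reads only):
#   sudo cat /etc/sudoers | sudo_timeout_value
#   classify_lock_delay "$(defaults read com.apple.screensaver askForPasswordDelay 2>/dev/null)"
```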

These small tweaks can significantly improve your daily workflow, balancing security with convenience based on your environment.
