Require password for next unlock (disable touch-id for next unlock) – macOS

require_password_on_next_unlock.sh

#!/bin/bash

# require_password_on_next_unlock.sh:
# -----------------------------------
# Johannes Zweng, 8.11.2020
#
# Disable and enable global touch id unlock on macOS.
#
# After re-enabling unlock by touch-id, macOS will ask for
# password on the first unlock event (which is exactly what we want). :-)
#
# This script requires root privileges! Thus using 'sudo' will make your
# life easier. Save this script in a place where it is only writable by root
# (and also the containing directory!) so that it cannot be replaced
# or modified by non-root users.
#
# Then it is safe to configure 'sudo' to run this script as root without
# asking for password:
#
# in sudoers file (edit with 'visudo') this can be achieved by adding this line:
# %admin          ALL = (ALL) NOPASSWD: /path/to/this/script/require_password_on_next_unlock  # (take extra care the file is only modifiably by root!!)
#
# After that you can run this script as normal user via:
# >  sudo /path/to/this/script/require_password_on_next_unlock
#

# DISABLE unlock by touch-id
bioutil --write --system --unlock 0

# ENABLE unlock by touch-id
bioutil --write --system --unlock 1

Thanks for this, I've been using it for a while now.

This is really strange, but I recently started using Hyper as my terminal, and I noticed that the script doesn't work when running from Hyper.

Strangely, the script executes just fine (I even get the "Operation performed successfully." messages), however it doesn't actually disable Touch ID. Even running just the disable command doesn't do what it's supposed to do.

I guess I'll have to remember to use the official Terminal app whenever I run this.