Skip to main content
June 28, 2025
Question

Linux, 1Password. Fingerprint Reader not working.

  • June 28, 2025
  • 1 reply
  • 408 views

I am running the latest version of 1Password for Linux on Ubuntu 22.04.02 LTS on a Lenovo ThinkPad.

I have enrolled a fingerprint and a password for my user account. I use either the fingerprint or the password to log in to my account daily.

sudo pam-auth-update shows Fingerprint authentication as one of the checked items.

When I enable "Unlock using system authentication service" in the settings for 1Password,
I'm only ever prompted for my user's password, and never prompted or shown an option for fingerprint.

Is there a way to troubleshoot or debug this on my end? I couldn't find any helpful documentation that would help me figure this out.

1 reply

June 30, 2025

I don't quite know how you enroll in fingerprint authentication on Ubuntu, but for me on Gentoo using a u2f token, I had to edit a couple of files in /etc/pam.d. I suspect Ubuntu probably has a more streamlined method.

The service that 1password uses to authorize you is "polkit-1" so it's that file you want to point at whichever file contains your "either fingerprint or password" configuration.

Take note that the pam settings are very different between distros, but as an example, here is my /etc/pam.d/polkit-1 file: 

#%PAM-1.0

auth       include      system-auth-touch-w-fallback
account    include      system-auth-touch-w-fallback
password   include      system-auth-touch-w-fallback
session    include      system-auth-touch-w-fallback

And here is my  /etc/pam.d/system-auth-touch-w-fallback file. 

auth		required	pam_env.so
auth		requisite	pam_faillock.so preauth
auth		[success=2 new_authtok_reqd=2 ignore=ignore default=bad]	pam_u2f.so	cue authfile=/etc/u2f_mappings origin=pam://xxx appid=pam://xxx nouserok
auth            [success=1 new_authtok_reqd=1 ignore=ignore default=bad]      pam_unix.so nullok  try_first_pass
auth		[default=die]	pam_faillock.so authfail
auth		optional	pam_cap.so
account		required	pam_unix.so
account         required        pam_faillock.so
password	required	pam_passwdqc.so config=/etc/security/passwdqc.conf
password	required	pam_unix.so try_first_pass use_authtok nullok yescrypt shadow
session		required	pam_limits.so
session		required	pam_env.so
session		required	pam_unix.so