diff --git a/bin/omarchy-fido2-setup b/bin/omarchy-fido2-setup
new file mode 100755
index 0000000..e873392
--- /dev/null
+++ b/bin/omarchy-fido2-setup
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+yay -S --noconfirm --needed libfido2 pam-u2f
+
+# Check if the user doesn't want sudo
+while [[ $# -gt 0 ]]; do
+ case $1 in
+ --no-sudo) exit 0 ;;
+ *)
+ echo "Unknown option: $1 \n --no-sudo is the only option"
+ exit 1
+ ;;
+ esac
+ shift
+done
+
+tokens=$(fido2-token -L)
+if [ -z "$tokens" ]; then
+ echo -e "\e[31m\nNo fido2 device detected. Plug it in, you may have to unlock it as well\e[0m"
+else
+
+ # Create the pamu2fcfg file
+ if [ ! -f /etc/fido2/fido2 ]; then
+ sudo mkdir -p /etc/fido2
+ echo -e "\e[32m\nLet's setup your device, confirm on the device now\n\e[0m"
+ pamu2fcfg >/tmp/fido2 # This needs to run as the user
+ sudo mv /tmp/fido2 /etc/fido2/fido2
+ fi
+
+ # Add fido2 auth as an option for sudo
+ if ! grep -q pam_u2f.so /etc/pam.d/sudo; then
+ sudo sed -i '1i auth sufficient pam_u2f.so cue authfile=/etc/fido2/fido2' /etc/pam.d/sudo
+ fi
+fi
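Review bot: `pamu2fcfg >/tmp/fido2` followed by `sudo mv /tmp/fido2 /etc/fido2/fido2` routes the future sudo authfile through a fixed path in a shared directory, so the owner and mode of /etc/fido2/fido2 end up being whatever that temp file had, and any pre-existing /tmp/fido2 is picked up as-is rather than rejected. The exit status of pamu2fcfg is also ignored, so a cancelled or failed registration still leaves a (possibly empty) authfile in place, which the `[ ! -f /etc/fido2/fido2 ]` guard then treats as completed setup on every later run while the sed line below still enables pam_u2f for sudo. Use mktemp for the intermediate file, abort when pamu2fcfg fails, and put the file in place with an explicit root owner and mode via install instead of mv. The `tokens` check earlier in the hunk only confirms a device is plugged in; it does not confirm registration succeeded.
```shell
  # Create the pamu2fcfg file
  if [ ! -f /etc/fido2/fido2 ]; then
    sudo mkdir -p /etc/fido2
    # … unchanged: green "confirm on the device" prompt …
    tmp=$(mktemp) || exit 1
    pamu2fcfg >"$tmp" || { rm -f -- "$tmp"; exit 1; } # runs as the user; stop if registration fails or is cancelled
    sudo install -o root -g root -m 0644 -- "$tmp" /etc/fido2/fido2
    rm -f -- "$tmp"
  fi
```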