diff --git a/bin/omarchy-fido2-setup b/bin/omarchy-fido2-setup
index b379a8b..c6e8dfe 100755
--- a/bin/omarchy-fido2-setup
+++ b/bin/omarchy-fido2-setup
@@ -4,5 +4,19 @@ yay -S --noconfirm --needed libfido2 pam-u2f
 tokens=$(fido2-token -L)
 if [ -z "$tokens" ]; then
- echo -e "\e[31m\nNo fido2 device detected.\e[0m"
+ echo -e "\e[31m\nNo fido2 device detected. Plug it in, you may have to unlock it as well\e[0m"
+else
+
+ # Create the pamu2fcfg file
+ if [ ! -f /etc/fido2/fido2 ]; then
+ sudo mkdir -p /etc/fido2
+ echo -e "\e[32m\nLet's setup your device, confirm on the device now\n\e[0m"
+ pamu2fcfg >/tmp/fido2 # This needs to run as the user
+ sudo mv /tmp/fido2 /etc/fido2/fido2
+ fi
+
+ # Add fido2 auth as an option for sudo
+ if ! grep -q pam_u2f.so /etc/pam.d/sudo; then
+ sudo sed -i '1i auth sufficient pam_u2f.so cue authfile=/etc/fido2/fido2' /etc/pam.d/sudo
+ fi
 fi
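Review bot: The authfile that `auth sufficient pam_u2f.so` trusts for sudo ends up owned by the unprivileged user, because `sudo mv /tmp/fido2 /etc/fido2/fido2` preserves the ownership of the file `pamu2fcfg` created, so any process running as that user can later append a credential to /etc/fido2/fido2 and satisfy sudo without a password; the file should be installed as root with a fixed mode, and written to a `mktemp` path rather than the predictable /tmp/fido2. In the same block the exit status of `pamu2fcfg` is never checked, so an enrollment the user aborts or that times out still leaves a (possibly empty) /etc/fido2/fido2 behind, the `! -f` guard then skips enrollment on every later run, and the PAM line is still inserted. The rewrite below keeps the enrollment running as the user and only promotes the file to /etc/fido2 when `pamu2fcfg` succeeded; whether pam_u2f itself rejects a non-root-owned authfile I could not confirm from this hunk, so the ownership fix should not be relied on to be redundant.
```shell
  if [ ! -f /etc/fido2/fido2 ]; then
    sudo mkdir -p /etc/fido2
    echo -e "\e[32m\nLet's setup your device, confirm on the device now\n\e[0m"
    tmp=$(mktemp) || exit 1
    # pamu2fcfg must run as the user, not under sudo; bail out if enrollment fails
    pamu2fcfg >"$tmp" || { rm -f -- "$tmp"; exit 1; }
    sudo install -o root -g root -m 644 -- "$tmp" /etc/fido2/fido2
    rm -f -- "$tmp"
  fi
  # … unchanged: pam_u2f.so line insertion into /etc/pam.d/sudo …
```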