A tiny wireless key that replaces passwords with your fingerprint. Screen unlock, sudo, SSH — one touch.
Buy immurok
Millions of developers have no fingerprint option at all.
They just type passwords. Every. Single. Time.
Mac desktop & clamshell MacBooks — Apple's only fix is a $199 keyboard. If you use a mechanical keyboard, you're out of luck.
Linux — fprintd exists, but few hardware to go with it.
What we need — an efficient, simple, elegant, and secure wireless fingerprint authenticator.
Three steps. Half a second. Zero passwords.
Place your finger on the capacitive sensor. Matched entirely on-device — biometric data never leaves the hardware.
Device sends an HMAC-SHA256 signed response over Bluetooth LE. The companion app verifies the signature with a shared key established during ECDH pairing.
The app handles authentication depending on context — PAM module for sudo and lock screen, SSH agent for Git signing and remote login.
Custom PAM module intercepts sudo, lock screen, and system auth prompts. Talks to the companion app via Unix socket — the app triggers fingerprint verification on the device and returns the result.
ECDSA private key generated and stored on device. The companion app acts as an SSH agent — when a signature is requested, it forwards the challenge to the device, which signs after fingerprint confirmation.
ECDH P-256 key exchange during pairing establishes a shared secret. Every BLE message is signed with HMAC-SHA256 — the device authenticates to the app, and the app authenticates to the device.
Built for security, performance, and simplicity.
Lock screen → touch → unlocked. Works with Mac mini, clamshell MacBooks, and Linux.
Push commits signed with your fingerprint. On-device ECDSA private keys.
Replace sudo passwords with a fingerprint touch. Full PAM integration for macOS and Linux.
<30µA idle current. USB-C charging. The device sleeps until your finger wakes it.
Secure pairing with P-256 key exchange. Every auth response is cryptographically signed.
macOS app and PAM module are fully open source. Audit it yourself.
The only standalone wireless fingerprint authenticator for Mac and Linux.
| immurok from $* |
Magic Keyboard Touch ID · $199 |
USB dongles various |
|
|---|---|---|---|
| Mac mini / Mac Studio | ✓ | ✓ | ✗ |
| Clamshell mode | ✓ | ✓ | ✗ |
| Linux support | ✓ | ✗ | ✗ |
| Wireless | ✓ BLE | ✓ | ✗ |
| SSH Agent | ✓ | ✗ | ✗ |
| sudo / PAM | ✓ | ✓ macOS only | ✗ |
| Standalone (no keyboard) | ✓ | ✗ | ✓ |
| Open-source app | ✓ | ✗ | ✗ |
| Price | $* | $199 | N/A |
Your biometric data never leaves the device. No cloud. No account. No telemetry.
Fingerprint templates and crypto keys are stored on the device. Nothing is transmitted or stored on your computer.
Zero network calls. Zero analytics. Works entirely offline via Bluetooth — no internet required.
ECDH P-256 key exchange for secure pairing. OTA firmware updates are cryptographically verified.
macOS app and PAM module are on GitHub. Audit it yourself or have your security team review it.
Built for engineers, by engineers.
| Processor | Custom embedded MCU |
| Connectivity | Bluetooth LE |
| Fingerprint sensor | Capacitive |
| Idle current | <30µA |
| Recognition time | <500ms |
| Battery | LiPo 300mAh (USB-C) |
| Battery life | ~3 months standby |
| Dimensions | 52 × 32 × 12 mm |
| Weight | 38g / 63g |
| macOS App | Swift, macOS 13+ |
| PAM Module | C, open source |
| Firmware | C (bare-metal) |
| Security | ECDH + HMAC-SHA256 |
| Auth methods | Lock · sudo · SSH |
| Templates stored | Up to 10 fingers |
| Compatibility | macOS 13+ / Linux |
| Updates | OTA via macOS app |
| License | MIT (App & PAM) |
No subscription. No hidden fees. One device, forever.
Launching 2026. Join the waitlist to get early access.
Open-source macOS app and PAM module. Documented BLE API. Build your own integrations.
Menu bar app + PAM integration
PAM module for sudo & login
Full protocol docs for custom clients