diff --git a/security.nix b/security.nix
index c2eaa45..84e8a34 100644
--- a/security.nix
+++ b/security.nix
@@ -5,9 +5,18 @@
     yubioath-flutter
   ];
 
-  security.pam.services = {
-    login.u2fAuth = true;
-    sudo.u2fAuth = true;
+  security.pam = {
+    services = {
+      login.u2fAuth = false; # U2F and password
+      sudo.u2fAuth = true; # U2F or password
+    };
+    u2f = {
+      enable = true;
+      settings = {
+        cue = true; # Prompt: Please touch the device
+        interactive = false; # Prompt: Insert your U2F device, then press ENTER.
+      };
+    };
   };
 
   services = {