diff --git a/arch.md b/arch.md
index cbed575..103855e 100644
--- a/arch.md
+++ b/arch.md
@@ -12,6 +12,8 @@
     - [TPM2 LUKS Decryption](#tpm2-luks-decryption)
     - [Don't sleep while plugged in](#dont-sleep-while-plugged-in)
     - [Fingerprint Reader Support](#fingerprint-reader-support)
+      - [Setup](#setup)
+      - [Turn Off Fingerprint When Laptop Lid Closed](#turn-off-fingerprint-when-laptop-lid-closed)
     - [AppImage Support](#appimage-support)
     - [Bluetooth](#bluetooth)
     - [Audio](#audio)
@@ -224,45 +226,35 @@ HandleLidSwitchDocked=ignore
 
 ### Fingerprint Reader Support
 
+#### Setup
+
 1. `sudo pacman -S fprintd`
 2. `sudo systemctl enable --now fprintd`
 3. Enable fingerprint terminal login but prompt for password first (enter switches to prompt for fingerprint)
 
-    sudo vim /etc/pam.d/sudo and at the top of the file:
+    /etc/pam.d/sudo
 
     ```conf
     # fingerprint auth
     auth      sufficient pam_fprintd.so
     ```
 
-    sudo vim /etc/pam.d/system-auth and at the top of the file:
-
-    ```conf
-    # fingerprint auth
-    auth      sufficient pam_fprintd.so
-    ```
-
-**Turn Off Fingerprint When Laptop Lid Closed**
+#### Turn Off Fingerprint When Laptop Lid Closed
 
 To disable fingerprint authentication when the laptop lid is closed, and
 re-enable when it is reopened, we will use acpid to bind to the button/lid.*
-event to a custom script that will stop and mask the fprintd service on lid
-close, and unmask and start the fprintd service on lid open.
+event to a custom script that will comment out fprintd auth in /etc/pam.d/sudo.
 
-We also check that the HDMI cable is connected by testing the contents of
-/sys/class/drm/card0-HDMI-A-1/status.
-
-Follow the steps below:
+Usually we'd just `systemctl mask fprintd` but this breaks gdm (as of 08/06/23). See
+<https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2267> and
+<https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/6585>.
 
 1. `pacman -S acpid` and then `systemctl enable --now acpid`
-2. Create a .locks file in your home dir: `mkdir ~/.locks`
-3. Create file /etc/acpi/laptop-lid.sh with the following contents:
+2. Create file /etc/acpi/laptop-lid.sh with the following contents:
 
     ```bash
     #!/bin/bash
 
-    lock=/home/ducoterra/.locks/fprint-disabled.lock
-
     if grep -Fq closed /proc/acpi/button/lid/LID0/state # &&
         # This is used to detect if a display is connected.
         # For USB C displayport use: 
@@ -270,14 +262,12 @@ Follow the steps below:
         # For hdmi use:
         # grep -Fxq connected /sys/class/drm/card0-HDMI-A-1/status
     then
-        touch "$lock"
-        systemctl stop fprintd
-        systemctl mask fprintd
-    elif [ -f "$lock" ]
-    then
-        systemctl unmask fprintd
-        systemctl start fprintd
-        rm -f "$lock"
+        # comment out fprintd
+        sed -i -E 's/^([^#].*pam_fprintd.so)/#\1/g' /etc/pam.d/sudo
+    else
+        # uncomment fprintd
+        sed -i -E 's/#(.*pam_fprintd.so)/\1/g' /etc/pam.d/sudo
+
     fi
     ```
 
@@ -298,9 +288,8 @@ Follow the steps below:
 
 Now the fingerprint will be used only when the lid is open.
 
-In order to restore the correct state of the fprintd service if you
-disconnect/reconnect while the laptop is off, you may call the above script
-from a systemd init file. The steps to do this are the following:
+In order to ensure the correct state after suspend we need a service file which
+runs our script on wake.
 
 1. Create a file named /etc/systemd/system/laptop-lid.service with the following contents: