diff --git a/alohomora/req.py b/alohomora/req.py
index 1f7660e..5b7e69a 100644
--- a/alohomora/req.py
+++ b/alohomora/req.py
@@ -79,10 +79,11 @@ def login_two_factor(self, response):
 class DuoRequestsProvider(WebProvider):
 """A requests-based provider of authentication data"""
- def __init__(self, idp_url, auth_method=None):
+ def __init__(self, idp_url, auth_method=None, allow_interactive=True):
 self.session = None
 self.idp_url = idp_url
 self.auth_method = auth_method
+ self.allow_interactive = allow_interactive
 def login_one_factor(self, username, password):
 self.session = requests.Session()
@@ -287,6 +288,8 @@ def _get_duo_device(self, soup):
 devices = [dev for dev in devices if dev.value in supported_devices]
 LOG.debug("Acceptable devices: %s" % devices)
 if len(devices) > 1:
+ if not self.allow_interactive:
+ alohomora.die("Refusing to prompt for duo device")
 device = alohomora._prompt_for_a_thing(
 'Please select the device you want to authenticate with:',
 devices,
@@ -311,6 +314,8 @@ def _get_auth_factor(self, soup, device):
 factors = [factor for factor in factors if self.auth_method in factor.lower()]
 if len(factors) > 1:
+ if not self.allow_interactive:
+ alohomora.die("Refusing to prompt for authentication method")
 factor_name = alohomora._prompt_for_a_thing(
 'Please select an authentication method',
 factors)
diff --git a/bin/alohomora b/bin/alohomora
index 9e8957d..ddaae83 100755
--- a/bin/alohomora
+++ b/bin/alohomora
@@ -87,6 +87,10 @@ class Main(object):
 parser.add_argument("--idp-name",
 help="Name of your SAML IdP, as registered with AWS",
 default='sso')
+ parser.add_argument("--passwd",
+ help="Where to find the password",
+ choices=['stdin', 'getpass'],
+ default='getpass')
 self.options = parser.parse_args()
 #
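Review bot: The new refusal in `_get_duo_device` (and the matching one in the `_get_auth_factor` hunk) exits without saying which candidates were ambiguous, so an unattended run gives the operator nothing to act on unless debug logging happened to be enabled. Consider carrying the filtered list in the message, e.g. `alohomora.die("Refusing to prompt for duo device; candidates: %s" % devices)`, and in the factor case pointing at `auth_method` as the way to narrow the choice. Both checks also rely on `alohomora.die` terminating the process; its definition is not in this diff, and if it can return, the prompt below would still run. Both functions start and end outside their hunks.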
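Review bot: The help text for `--passwd` does not mention that choosing `stdin` also turns off every interactive prompt (Duo device, authentication method, role), which the rest of this commit ties to the same setting. Something like `help="Where to read the password from; 'stdin' also disables interactive prompts"` would make that visible in `--help`. Note too that `choices` only constrains the command-line value; if `_get_config` can also return a value from a config file (not visible here), an unrecognised value would silently fall back to `getpass`.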
@@ -119,7 +123,10 @@ class Main(object):
 if(not username):
 alohomora.die("Oops, don't forget to provide a username")
- password = getpass.getpass()
+ if('stdin' == self._get_config('passwd', 'getpass')):
+ password = sys.stdin.readline().rstrip('\n')
+ else:
+ password = getpass.getpass()
 idp_url = self._get_config('idp-url', None)
 if(not idp_url):
@@ -130,7 +137,9 @@ class Main(object):
 #
 # Authenticate the user
 #
- provider = alohomora.req.DuoRequestsProvider(idp_url, auth_method)
+ allow_interactive=('stdin' != self._get_config('passwd', 'getpass'))
+ provider = alohomora.req.DuoRequestsProvider(
+ idp_url, auth_method, allow_interactive=allow_interactive)
 (okay, response) = provider.login_one_factor(username, password)
 assertion = None
@@ -164,6 +173,9 @@ class Main(object):
 role_arn = "arn:aws:iam::%s:role/%s" % (account_id, role_name)
 principal_arn = "arn:aws:iam::%s:saml-provider/%s" % (account_id, idp_name)
 else:
+ if('stdin' == self._get_config('passwd', 'getpass')):
+ alohomora.die("Refusing to prompt for role when using --passwd stdin")
 selectedrole = alohomora._prompt_for_a_thing(
 "Please choose the role you would like to assume:",
 awsroles,
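Review bot: The `stdin` branch uses whatever `readline()` returns, so an empty pipe or EOF yields an empty password that is still submitted to the IdP, and a terminal on stdin echoes the password as it is typed. Guard both before use: `if sys.stdin.isatty(): alohomora.die("--passwd stdin requires piped input")` ahead of the read and `if not password: alohomora.die("No password received on stdin")` after it. `rstrip('\n')` also leaves a trailing `\r` from CRLF-terminated input, which `rstrip('\r\n')` would cover. The hunk does not show an `import sys`, so confirm one exists at the top of bin/alohomora.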
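Review bot: `allow_interactive` is derived by repeating the `self._get_config('passwd', 'getpass')` lookup that the password branch in the previous hunk already performed and that the role-selection hunk at -164 repeats a third time, so the three sites can drift apart. Compute it once, e.g. `use_stdin = self._get_config('passwd', 'getpass') == 'stdin'`, then reuse it for the password read, for `allow_interactive=not use_stdin`, and for the role refusal. The assignment `allow_interactive=(...)` is also written without spaces around `=`, which reads like a keyword argument rather than a statement.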