An easy-to-use, open-source two-factor authentication app designed specifically for iOS.

Download on the App Store


  1. Scanning

    Scan the QR code your issuer provides to automatically add your account.
  2. Compatibility

    Support for both counter-based and time-based one-time passwords with 6 or 8 digits using the SHA1, SHA256, and SHA512 algorithms.
  3. Offline

    Requires no network or cellular connection and can be used in airplane mode.
  4. Security

    All your account details are safely stored in the iOS keychain.


Tofu generates one-time passwords to help you protect your online accounts. These passwords are used together with your normal password when you sign into services like Google, Facebook, Dropbox, Amazon, and GitHub.

Tofu works with all services that provide two-factor authentication using the HOTP and TOTP algorithms. It does not require a network or cellular connection and can be used in airplane mode.

Tofu is open source and free software licensed under the ISC license. The source code is available for review and modification on GitHub.


What is two-factor authentication?

Two-factor authentication requires you to provide two separate means of identification when you sign into your online accounts. One is commonly something you know, e.g. your password, and one is something you possess, like your iPhone.

Using two-factor authentication requires someone to have both your password and your iPhone to get into your account. This makes your account much harder to hack and hijack.

Many online services provide two-factor authentication by requiring you to enter a one-time password in addition to your normal username and password. To generate this password, a shared secret is required. Tofu stores this secret securely in your iPhone's keychain and generates the password for you.

What is the difference between two-factor authentication, 2FA, and two-step verification?
There is no difference. They all refer to the same concept.


Do you need help or have a question which isn't answered in the FAQ section above? Send me an email on and I'll do my best to get back to you as soon as possible.

You can also file an issue or submit a pull request on GitHub.