Tofu generates one-time passwords to help you protect your online accounts. These passwords are used together with your normal password when you sign into services like Google, Facebook, Dropbox, Amazon, and GitHub.
Tofu works with all services that provide two-factor authentication using the HOTP and TOTP algorithms. It does not require a network or cellular connection and can be used in airplane mode.
Tofu is open source and free software licensed under the ISC license. The source code is available for review and modification on GitHub.
Two-factor authentication requires you to provide two separate means of identification when you sign into your online accounts. One is commonly something you know, e.g. your password, and one is something you possess, like your iPhone.
Using two-factor authentication requires someone to have both your password and your iPhone to get into your account. This makes your account much harder to hack and hijack.
Many online services provide two-factor authentication by requiring you to enter a one-time password in addition to your normal username and password. To generate this password, a shared secret is required. Tofu stores this secret securely in your iPhone's keychain and generates the password for you.
Online services that support two-factor authentication generally provide so called backup or recovery codes during the setup process. If you lose access to your iPhone, you can use one of these codes instead of the one-time passwords generated by Tofu. It is really important to keep these safe. We recommend either printing them on paper to store somewhere safe, or saving them in a password manager such as 1Password.
As a secondary level of protection, accounts in Tofu are also included in iOS backups. To be able to restore these on a new iPhone, backups must be made using iTunes or Finder on the Mac, and have to be password protected. Tofu's accounts will not migrate to a new iPhone, when restoring from an iCloud backup. This is true for all apps that store accounts in the iOS Keychain and there's currently no way for us to affect this. We hope Apple will change how iOS backups work in the future.
Take a look at the the FAQ section above for answers to common questions. You can also file an issue or submit a pull request on GitHub.