ikenndac / tofu Goto Github PK

Please add Privacy.com, Anonaddy, Surfshark and Intuit (TurboTax), and Tresorit.

It'd make transferring easier so I do not have to have a lock on all of my accounts for 30 days because I changed the auth app

So I was testing a few 2FA apps and just to mess around I created a QR code with this website:
https://freeotp.github.io/qrcode.html

This is just an example:

!! Don't try to scan this code !!, it will most likely make tofu unusable !

After scanning this with Tofu, the app instantly crashes. And even after deleting and reinstalling the app: I cannot open Tofu! It simply crashes.

I also tried deleting the app, restarting the device and reinstalling the app. No difference.

Tested Tofu Version 1.8 with an iPhone 8 on 13.4.1
Also tried this with an iPhone 6s on 13.4.1

I wanted to ask for the ability to allow importing 2FA codes from Google Authenticator over to Tofu. Google has a feature to export the 2FA codes via a scannable QR code, but when you attempt to read this code with Tofu, it won't recognize it and say that it's invalid.

I'm not sure if that means that the QR code only works for Google Authenticator so it's only over different phones, but maybe you can look into it if possible?

I migrated to a new phone from an iCloud backup and Tofu is empty on the new phone. According to #14 Tofu should be able to migrate over to new devices if backups are encrypted. I'm assuming that is the case for iCloud backups, but perhaps they're special?

I'm at a loss as to how to debug this further.

At the moment, custom issuer icons are stored in IssuerIcons.sketch. This is a bit of a problem, as different pull requests that modify the file will overwrite it each other (git doesn't track changes in binary files like .sketch). This may have already happened, though I'm not sure, as several of the icons in Assets.xcassets are missing from IssuerIcons.sketch.

I would propose a new structure, that replaces the IssuerIcons.sketch file with a directory of icons in .sketch format. These files would be editable in Sketch, like before, but would be safe from accidentally deletion or modification. Additionally, these files could be stored with git-lfs to prevent the repo from accruing bloat.

The current directory structure is something along the lines of:

Tofu/
├─ IssuerIcons.sketch
├─ ...

Under the proposed changes, it would be structured as such:

Tofu/
├─ IssuerIcons/
│  ├─ Google.sketch
│  ├─ Github.sketch
│  ├─ Proton.sketch
│  ├─ ...

I would be more than happy to contribute this myself, but figured I'd check in, provide some reasoning, and allow for some feedback before jumping straight in.

Please add an icon for TETR.IO, they just recently added two-factor authentication.
Their website is https://tetr.io/.

The icon should be

Hey Calle, I love Tofu and I tell people about it as much as I can (...just like people who eat tofu, lol). I recently purchased an  Watch and I was wondering if support for it was in the pipeline.

Hi! Like the other issue reporter, also wanted to say I love the app!

Not sure if, longer-term, you'd prefer one mega-issue for tracking icon requests, or split (side idea: maybe make it possible for users to add their own icons? More code work, but could spare you from crazy esoteric requests and would rock for things like AWS, where I have 8 different TOTP rows)

My requests, just based on the stuff I've got in the app now:

• Coinbase
• Kickstarter
• "Amazon Web Services" (you currently have an icon for AWS, but the AWS tokens add themselves as "Amazon Web Services", which doesn't match. Changing the token info to AWS makes the icon show up)
• Name.com

Is it possible to get icons for Reddit, Snapchat and Instagram? Not sure how to do it myself, happy to do so though if someone can point me in the right direction.

Love the app!

Given that there's no action when you click on a row, it would be cool if clicking automatically copied the token (this is what the Google Auth app does).

That way, I'd not have to press-and-hold and then select Copy

Hi! Could you please add an icon for Example?

Their website is at https://example.com.

When scanning their QR code with Tofu, the account issuer shows up as Example.

Could you please add the option to lock to lock the app with face id or a password?

I think it would be nice to avoid bundling icons in Tofu but instead fetch the icons from the websites.

Most websites have a <link rel="icon" href="favicon.ico"> element, or even better icons for smartphones such as <link rel="apple-touch-icon-precomposed" sizes="114x114" href="...">.

What do you think of having a map of issuer to domain, and then automatically fetching the appropriate icon?
This would also make it easy to allow users to have icons for unsupported providers by adding an "icon domain" field to the edit page.

I could try to implement this if you think it's viable and interesting 😃

If I do implement this, would you be willing to accept a PR that uses an API to extract the icons such as realfavicongenerator.net?

After upgrading to Tofu 1.7 it crashes directly after starting it on iPhone 6S running iOS 12.4.1.

What if we switch from an Apple device over to Android, there is no way for us export our codes.

It'd be nice to be able to change the color of the letter and background for items without an icon.

Possible to add Tresorit, Twitter, Parler, and NordPass. Possible to add dark mode. Thank you.

Hi! Could you please add an icon for Kraken?

Their website is at https://www.kraken.com

When scanning their QR code with Tofu, the account issuer shows up as kraken.com

Their logo / icon could be exctracted out this vector graphics from Wikipedia: https://en.wikipedia.org/wiki/Kraken_(company)#/media/File:K-logo-wikipedia.svg (CC BY-SA 4.0)

I tried to create a 1024x1024 PNG version myself, although I don't know what amount of side margin is prefered:

When will you add Passcode/Touch ID when opening the app to the Tofu Authenticator app?

Hi! Could you please add an icon for Example?

Their website is at https://www.twitch.tv/.

Icon could be like this:

Thanks a lot for this great app!

Hi! Could you please add an icon for Example?

Their website is at https://www.globalrockstar.com/#/projects

First of all, I love the app! It is simple, fast and best of all open-source.
I do however have a request for some icons:

• WordPress
• Electronic Arts
• Ubisoft

Can you add these?
Thanks in advance, and keep up the good work :)

Hi, I was browsing for OTP apps in the App Store and had a difficult time choosing which one to use. I like Tofu mainly because it’s open-sourced. I’m trying out it for now and I do like to see a future update with Touch ID support to lock the app and a share sheet extension for autofill would be cool. Also, maybe a backup feature can be useful too?

I understand that tofu syncs with apple keychain. Is it feasible that tofu can backup to a custom git server? I run linux and doing backups isnt officially supported, so I try to use apps that sync to a git server I trust. Pass for iOS does this. Can tofu as well? Pss supports TOTP but passwords and totp in the same repo is a bad idea.

Thank you for your work on Tofu. It is an incredible app, and it is great to have such a high-quality 2FA app available on iOS.

With so many apps supporting 2FA now, it can become a bit time-consuming to scroll through the different accounts to find the correct one, and I was wondering if it would be possible to add an option for sorting them alphabetically at some point?

Thank you once again for your great work. It is highly appreciated!

I would like to suggest a few more logos to be added to the app.

I'm not sure how I can submit them myself, but I found logos for the following sites. On the sites there is SVG, PDF, JPG and PNG available.
NiceHash - https://www.nicehash.com/media
Basecamp - https://basecamp.com/about/press
Time4VPS - https://www.time4vps.com/wp-content/uploads/2017/03/logo.svg

Website: https://app.simplelogin.io/
Issuer shows up as: SimpleLogin.

All potential images I managed to find;
(192x192 & Transparent)

(200x200 & Transparent)

(512x512 & Not transparent)

I’m on: macOS Catalina (10.15.2), intending to back up Tofu (latest AppStore release) on an iPad (13.3).

Just need to know before I do some mandatory iPad maintenance and restore my device with a clean install, can I expect to lose all my Tofu data when restoring it from an encrypted icloud/hdd backup or not?

There’s not exactly a whiteboard here where it lists the recommended ’do’s and don’ts’, to summarily recommend novice users on what to be mindful of in the latest build. Just a side note: might be good to have an issue like this pinned to the top, maybe? There are just various reports of people losing their Tofu data when restoring iCloud/hdd encrypted backup. Not very reassuring.

So should I refrain from it and use another app, or not?
Don’t mind helping out and testing too. But first I need to secure my accounts.

Would you consider implementing a dark theme for the app? (sort of goes against the feel of "Tofu" but it's still a nice-to-have)

I have an iPhone 5S, so I can't run iOS 13. It appears that previous versions of Tofu worked on iOS 12--would you mind supporting it again? (I don't have a Mac, otherwise I'd try to fix this myself and send a PR--sorry for making a shameless feature request!)

Hello,

Thank you for building this App! One thing I miss is the ability to read the QR codes from images already stored in the Phone, or, the ability for other Apps to send images to Tofu.

Thank you.

should upgrade, not suit for new swift

Some websites show the TOTP secret separated with spaces, such as Gitlab.

I tried to manually add one of these secrets to Tofu and the "Done" button kept being disabled. After removing the spaces, the "Done" button could be pressed and it worked correctly.

Tofu should either strip the spaces or allow it to be added as-is to avoid confusion.

Example format of space separated secret:
xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx

I don’t know if this is possible but transferring keys to another device via barcode would be nice as we can safely store both keys on 2 devices just in case one device dies. Yes I know they backup to iCloud but still

Scanning a barcode from a screenshot would be nice as you can’t point your camera at your own phone and yes i know that’s why they have manual keys but I have ran into some sites that don’t show the manual key

Is there a way to backup the codes? This is a needed feature - in case of device loosing or device changing.

A good solution is implemented here: https://github.com/andOTP/andOTP

Hi! Could you please add an icon for Example?

Their website is at https://ctemplar.com/

When scanning their QR code with Tofu, the account issuer shows up as Example.

I would like to see a icon added for Hey.com - a new email service.
I not sure how to do it myself, but hopefully some helpful soul can assist.

I found their logo as SVG here:
https://hey.com/assets/general/hand-peace-8b40e9460a1ae55d834563cc1cdc8b4aef606e58241d244f0468cb59442911a4.svg

In Tofu the service is listed as: "HEY ([email protected])"

Thanks in advance!

Maybe I'm missing something, but aren't I completely hosed if I lose my phone? I feel like there should be some sort of secure recovery process. If there already is one, I'd love to hear about it but I couldn't find it in the documentation (aka the FAQ and readme.md, couldn't find more documentation).

Hi! Is there a way to export entries from Tofu? I'd rather have my 2FA codes backed up somewhere else besides iCloud. I think it might also be important for people who do not use iCloud backups at all.

May I suggest some features?

2. A small quality of life upgrade would be that to merely double tap a token in the app should directly copy the code to the clipboard, rather than having to tap and then press Copy. I think most other Auth apps I’ve tried has this design (though trivial change).

3. An incredibly convenient option would be for the Tofu app to automatically send the current code for the relevant token to the clipboard, similar to how when signing in to a website with a text message verification code it appears automatically in the clipboard (without having to leave the Safari app). Would this be feasible?

Steam Guard uses custom TOTP codes that consist of five letters. It would be nice to have support for them in Tofu!

Here's a JS implementation of their algorithm if that helps: https://github.com/DoctorMcKay/node-steam-totp

Can you enable a way to pull Authy 2fa accounts into Tofu?

Hey there, could you please add an icon for Sony (For Playstation and such)?
Their accounts can use 2FA but there's no icon for them.
Here's the icon:

Their website is at https://sony.com.

Hi, iOS 14 was released yesterday. Before upgrading, I'm wondering if the Tofu application is working with it. Thanks 👍

It would be nice if TOFU would register itself as a URL handler for the otpauth:// scheme, just like the Google Authenticator app does. This would allow you to click on a otpauth:// link in e.g. a text message, and have the app automatically open and add the token (maybe after a confirmation).

I believe most of the logic is already implemented for decoding a QR-code, only the registration with iOS for otpauth:// URLs is missing.

Many sites allow themselves to be installed as a web-app with additional benefits on iOS. These webapps fetch their icon from a specific endpoint:
https://developer.apple.com/library/archive/documentation/AppleApplications/Reference/SafariWebContent/ConfiguringWebApplications/ConfiguringWebApplications.html

An example of this would be https://tweakers.net/apple-touch-icon.png - although this specific image is slightly too small to be used with Tofu acccording to the README.

Perhaps the ability to add URLs to entries may be considered, upon which Tofu would be able to try these endpoints (on user consent, of course). Or the ability to "import" icons from URLs like that or from the filesystem?

An added benefit of using external icons is that there would be no need to include logos in this repository, which might pose a copyright issue.

I use 2FA on my cpanel account and today, I was unable to login using the generated token. I accessed my account a different way, removed 2FA from it and tried to set it up again. I scan the QR code and it adds it to my accounts, but when I enter the 6 digit verification code, it keeps telling me the security code is invalid.

I'm not sure if this is a problem in user instructions or the code but I was concerned when I recently set up a new iPad using an encrypted back up of an iOS 13 iPhone to move settings, apps and passwords to the new device.

Tofu was installed on the iPad but with none of my many 2FA accounts. This raises some concerns for me. Not only is it time consuming to set up all my Tofu accounts manually on the iPad but, more importantly, I'm in trouble if my iPhone dies and I can't restore these accounts to my next phone.

The FAQ isn't clear on how to ensure accounts are backed up. What settings are required for backup? Any way to confirm this works (besides wiping and restoring my iPhone)?