FreeOTP is a two-factor authentication application for systems utilizing one-time password protocols. Tokens can be added easily by scanning a QR code.
FreeOTP implements open standards:
- HOTP (HMAC-Based One-Time Password Algorithm) RFC 4226
- TOTP (Time-Based One-Time Password Algorithm) RFC 6238
This means that no proprietary server-side component is necessary: use any server-side component that implements these standards.
Pull requests on GitHub are welcome under the Apache 2.0 license; see CONTRIBUTING for more details.
Building FreeOTP for iOS requires a full Xcode installation (not only the standalone Command Line Tools). Install Xcode from the Mac App Store or Apple’s developer site. Open Xcode once after installing to accept the license and finish any component setup prompts.
Carthage runs xcodebuild under the hood. If builds fail because the wrong toolchain is selected, point the active developer directory at your Xcode app:
sudo xcode-select -s /Applications/Xcode.app/Contents/Developer
Carthage must be installed to manage dependencies. Install it and fetch the dependencies:
brew install carthage
carthage update --use-xcframeworks --platform iOS
- FreeOTP Backup and Restore requires enabling encrypted backups.
FreeOTP Backup and Restore relies on Apple's native backup functionality. For enhanced security, FreeOTP stores token secrets in the device keystore using the Apple Keychain interface. Items are stored with the Keychain data protection attribute kSecAttrAccessibleWhenUnlocked. Items with this attribute migrate to a new device when using encrypted backups.
- FreeOTP Locked tokens 🔒 are NOT included in device backups. This is enforced by Apple Security; it is not a FreeOTP decision.
Token providers may add the lock=true parameter to the OTP token URI. FreeOTP tokens added this way require biometric data stored in the Apple Keychain and appear in the FreeOTP token list with a 🔒 icon. Biometric data in the Apple Keychain is intentionally excluded from encrypted backup data.
This is a security measure by Apple to keep biometric data such as Face ID from leaving the device.
Refer to Apple Platform Security documentation for more information.
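Because FreeOTP only relies on RFC 4226 and RFC 6238, a server-side component needs little more than the code below, which is an added example and not FreeOTP's or the project's own code: HOTP/TOTP generation, verification that tolerates clock drift and rejects replayed codes, and a provisioning URI carrying the lock=true parameter described above. The otpauth:// URI layout, the function names, and the issuer and account values are assumptions; the key is the RFC test key.

```python
import base64, hmac, struct
from urllib.parse import quote, urlencode

def hotp(secret: bytes, counter: int, digits: int = 6, algo: str = "sha1") -> str:
    """RFC 4226: HMAC the 8-byte big-endian counter, then dynamically truncate."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F                      # low nibble of last byte selects 4 bytes
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret: bytes, at: float, period: int = 30, digits: int = 6, algo: str = "sha1") -> str:
    """RFC 6238: HOTP where the counter is the number of elapsed time steps."""
    return hotp(secret, int(at) // period, digits, algo)

def verify_totp(secret, submitted, at, last_step=-1, window=1, period=30, digits=6):
    """Return the matched time step, or None if the code is rejected.

    Accepts +/- `window` steps of clock drift, compares in constant time, and
    rejects steps <= last_step so an already accepted code cannot be replayed.
    The caller persists the returned step as the new last_step for that user.
    """
    now_step = int(at) // period
    matched = None
    for step in range(max(0, now_step - window), now_step + window + 1):
        expected = hotp(secret, step, digits).encode()
        if hmac.compare_digest(expected, submitted.encode()) and step > last_step:
            matched = step
    return matched

def provisioning_uri(secret: bytes, issuer: str, account: str, lock: bool = False) -> str:
    """Build the URI a provider renders as a QR code (otpauth layout is an assumption)."""
    params = {"secret": base64.b32encode(secret).decode().rstrip("="),
              "issuer": issuer, "algorithm": "SHA1", "digits": 6, "period": 30}
    if lock:
        params["lock"] = "true"                  # parameter named on this page
    label = f"{quote(issuer)}:{quote(account)}"
    return f"otpauth://totp/{label}?{urlencode(params, quote_via=quote)}"

if __name__ == "__main__":
    key = b"12345678901234567890"                # RFC 4226/6238 test key, not a real secret
    print(totp(key, 59, digits=8))
    print(verify_totp(key, "287082", at=59))
    print(provisioning_uri(key, "Example", "alice@example.com", lock=True))
```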