Moving an account to another authenticator

Sometimes you need to move one account out of TOFA without exporting the whole vault — for example, sharing a service account with a teammate, or migrating a single login to your phone. The otpauth:// URI is the lingua franca: every authenticator app can import it, and TOFA can both emit and accept it.

Single account

Copy the URI to your clipboard:

tofa code GitHub:you --uri --copy

The clipboard now holds an otpauth://totp/... URI carrying the secret, period, digits, and algorithm. Paste it into the receiving app's add account flow.

In the TUI, select the entry and press u. In the menu bar app, open the entry's detail view and click the URI button.

Many accounts as a list

Export the selected entries (or the whole vault) as a plain-text URI list:

tofa export --format uris --output accounts.txt

The file has one otpauth:// per line. Most authenticators will accept it directly; otherwise re-import into another tofa install with:

tofa import accounts.txt

In the TUI, open the export modal (e from the list) and press u to write a date-stamped .txt to your home directory. In the menu bar app, open Export QR and click Save URI list (.txt).

Caveats

  • The URI contains the secret — treat the clipboard, file, or pasted message as you would a password. Clear the clipboard after use; delete the file.
  • The receiving authenticator gets an exact copy of the entry, so both apps will produce the same codes from that point on. Decide ahead of time whether you want to remove the entry from TOFA after the move.