FactorCat vs 1Password
1Password is a great password manager. Here's why your second factor should live somewhere else.
1Password is excellent — for passwords
1Password is one of the best password managers available. It's well-designed, well-audited, and trusted by millions. It also supports storing TOTP tokens alongside your passwords. Many people do this because it's convenient.
We think this is a mistake.
The case against combining passwords and MFA
The entire point of multi-factor authentication is that the factors are independent. "Something you know" (password) and "something you have" (TOTP token) are supposed to be in different places. If your password manager stores both, a single breach compromises both factors simultaneously.
- One vault, one breach. If someone gets into your 1Password vault — through a compromised master password, a device exploit, or a social engineering attack — they have your passwords and your TOTP codes. There's no second line of defense.
- Phishing resistance drops. A phishing page that captures your 1Password autofill gets both the password and the TOTP code in the same action. Separate factors mean a phishing attack has to compromise two different systems.
- Regulatory frameworks agree. NIST guidelines specify that authentication factors should be independent. Combining them in one application arguably fails this requirement.
Side-by-side comparison
| FactorCat | 1Password | |
|---|---|---|
| Purpose | MFA only — never stores passwords | Passwords + MFA combined |
| Factor independence | Yes — factors are in a separate app | No — same vault as passwords |
| Browser auto-fill | MFA codes auto-fill via push approve | MFA codes auto-fill with passwords |
| Push notifications | Yes — one-tap phone approval | No — codes generated in the app |
| Zero-trust mode | Locked Vault (free) | Not applicable (different model) |
| Token sharing | Yes — share individual factors | Yes — via shared vaults |
| Price | Free (50 factors) / Pro $24/yr | $36/yr individual / $60/yr family |
Where 1Password is better
- One app for everything. If convenience is your top priority and you accept the tradeoff, 1Password is hard to beat. One unlock, passwords and codes together.
- Password management. 1Password is a full password manager. FactorCat is not and will never be. You need a password manager either way.
- Family sharing. 1Password's family plan is well-designed for sharing passwords and other secrets across a household.
Where FactorCat is better
- Factor independence. Your MFA tokens are in a separate app, on a separate device, behind a separate approval step. A breach of one doesn't compromise the other.
- Push-to-approve. Instead of opening an app and finding a code, your phone buzzes and you tap approve. Faster and more intentional.
- Free tier. FactorCat is free for 50 factors. 1Password starts at $36/year for any usage.
The best setup
Use 1Password for passwords. Use FactorCat for MFA. They complement each other perfectly. Your passwords live in one app, your second factor lives in another, and neither can compromise the other.
Ready to switch?
Get FactorCat free — available on iOS, Android, Chrome, and the web.