Cloud Vault
Cloud Vault stores your 2FA factors with cloud-managed encryption. Syncs across devices, recovers on sign-in, free for up to 50 factors.
Cloud Vault is the default way to store your factors in FactorCat. It’s designed for convenience and easy recovery — your factors sync across devices automatically, and you never need to manage encryption keys yourself.
How Cloud Vault works
When you add a factor to a Cloud Vault, FactorCat encrypts it with a key managed on our servers. The encrypted data syncs to every device where you’re signed in. The server can generate TOTP codes on your behalf, which is what enables the push approval flow to work even when your phone is the only device with the secret.
This means:
- FactorCat manages the encryption key. You don’t need to save a recovery phrase or worry about key backup.
- Your factors are encrypted at rest. They’re not stored in plaintext — see How FactorCat Stores Your Secrets for the technical details.
- Recovery is automatic. Sign in on a new device and your factors are there.
What FactorCat manages for you
- Encryption key generation and storage
- Key rotation and secure backup
- Cross-device sync — factors appear on every device you sign into
- Server-side TOTP generation for the approval flow
- Daily, weekly, and monthly backups of your encrypted data
You don’t need to do anything to enable this. It works out of the box.
Recovery — sign in and you’re back
If you lose your phone, get a new device, or need to reinstall FactorCat:
- Install FactorCat on your new device
- Sign in with the same account (Google, Apple, or email)
- Your Cloud Vault factors are available immediately
No recovery phrase, no emergency kit, no QR code to scan. Cloud Vault recovery is designed to be as simple as signing in.
Free for up to 50 factors
Cloud Vault is free for all users. You can store up to 50 factors across all your vaults (Cloud and Locked combined) on the free tier. Most personal users won’t hit this cap — the average person uses 2FA on 10-20 services. Pro unlocks unlimited factors.
When to use Cloud Vault
Cloud Vault is the right choice for:
- Most of your accounts — email, social media, shopping, streaming, work tools
- Getting started — no setup ceremony, no keys to manage
- Shared factors — share-to-invite works with Cloud Vault factors
- When recovery matters more than zero-trust — you’d rather be able to recover your factors than have the theoretical security of holding your own keys
Cloud Vault vs Locked Vault
| | Cloud Vault | Locked Vault |
|---|---|---|
| Who holds the key | FactorCat (cloud-managed) | You (master key on your device) |
| Recovery | Sign in on any device | OS backup or emergency kit |
| FactorCat can decrypt | Yes (to generate TOTP codes) | No — zero-knowledge encryption |
| Setup | Instant | Key ceremony with recovery phrase |
| Best for | Most accounts, convenience | High-security accounts, zero-trust |
| Price | Free (up to 50 factors) | Free (up to 50 factors) |
Not sure? Start with Cloud Vault. You can always move individual factors to a Locked Vault later when you’re comfortable with the recovery model.
For more on FactorCat’s security model, see the security page.