FactorCat - MFA Authenticator

About

FactorCat connects your browser to the FactorCat mobile app to make MFA invisible.

When you land on a page with an MFA field, the extension detects it, matches it against your token inventory by domain, and sends a push request to your phone. Approve with biometrics, and the code fills in — no alt-tabbing, no clipboard, no timer anxiety.

THE EXTENSION NEVER HOLDS SECRETS
This is architectural, not policy. The extension receives a computed TOTP response only after you approve the request on your phone. Secrets are stored on your device, encrypted with keys you control. The browser is a relay, not a vault.

SMART SITE MATCHING
Tokens are matched by domain automatically. Multiple tokens on the same domain? A compact picker shows display names so you select the right one. URL-pattern matching is available for precision on complex sites.

TOKEN CAPTURE ON SETUP PAGES
When you're enabling MFA on a new account, the extension detects the QR code on the setup page and offers to capture the token directly — no need to pull out your phone camera. The token appears in your mobile app instantly.

PAIR IN SECONDS
Sign in via the extension, scan the pairing QR with the FactorCat app, and you're connected. One OAuth + one QR scan = paired.

HOW IT WORKS
1. Visit a login page that asks for an MFA code
2. FactorCat detects the input field and matches your token
3. A push notification arrives on your phone
4. Tap approve and confirm with biometrics
5. The code fills in automatically — you're logged in

SECURITY ARCHITECTURE
• TOTP secrets never leave your mobile device
• The extension only receives computed codes, never raw secrets
• All communication is encrypted end-to-end
• Biometric confirmation required for every approval
• MFA and passwords stay separate — no single point of failure

Requires the FactorCat mobile app (iOS or Android). Free to use.