Firefly III should be run on a TLS enabled host (
https://) even when running locally. Please remember that this is open source software under active development, and it is in no way guaranteed to be safe or secure.
- By default, Firefy III only supports one user registration. You can disable this in the administration;
- Most of the database is encrypted. Please note that although some parts of the database are encrypted (transaction descriptions, names, etc.) some parts are not (amounts, dates, some descriptions, etc). If you need more security, you must enable transparent database encryption or a comparable technology.
- Firefly III supports 2 factor authentication, check your preferences.
If you find something that compromises the security of Firefly III, you should send me a message as soon as possible. These issues will be fixed immediately.