Firefly III should be run on a TLS enabled host (https://) even when running locally. Please remember that this is open source software under active development, and it is in no way guaranteed to be safe or secure.

Security features

  • By default, Firefy III only supports one user registration. You can disable this in the administration.

  • You should use disk- and database encryption whenever possible.

  • Firefly III supports 2 factor authentication, check your preferences.

Security bugs?

If you find something that compromises the security of Firefly III, you should send me a message as soon as possible. These issues will be fixed immediately.

You can use my PGP key for extra security. My GitHub commits are almost always signed with this key. For more, see contact information.