
Security at Forbidden Finance

An overview of how Forbidden Finance protects your data, including self-hosted authentication, encryption, screen capture prevention, and session management.

Overview

Forbidden Finance is built with the principle that your financial data deserves the highest level of protection. Your login credentials are processed on our self-hosted authentication system -- they are never handled by third-party services. Data is encrypted in transit, sessions expire automatically, and the app includes multiple layers of protection to keep your information private.

This page provides a high-level overview of every security feature available in Forbidden Finance. Each feature has its own detailed guide linked below.

Security Features

Self-Hosted Authentication

Forbidden Finance uses a self-hosted authentication system. This means your email, password, passkeys, and session tokens are all managed on infrastructure that we own and operate. Your credentials never pass through a third-party identity provider.

Encryption

All data transmitted between the Forbidden Finance app and our servers is encrypted using industry-standard TLS encryption.

Multi-Factor Authentication

You can add a second layer of protection to your account beyond your password:

  • Passkeys (FIDO2/WebAuthn) -- The recommended option. Uses your device's built-in biometrics (Face ID, Touch ID, Windows Hello) to verify your identity. Phishing-resistant and fast.
  • Authenticator App (TOTP) -- A 6-digit code from an authenticator app like Google Authenticator or Authy. Entered after your password during login.
  • Hardware Security Key (U2F) -- A physical security key (like a YubiKey) for users who want a dedicated hardware factor.

Biometric Unlock

After you log in, biometric unlock lets you use Face ID, Touch ID, or fingerprint to return to the app without re-entering your password. This protects against casual access when someone picks up your unlocked phone but is not a replacement for your login credentials.

Privacy Mode

Tap the eye icon on the dashboard to instantly blur all monetary amounts. This prevents shoulder-surfing in public places. You can tap individual cards to peek at specific numbers while keeping everything else hidden.

Screen Capture Prevention

On mobile devices, Forbidden Finance automatically prevents screen captures and screen recording. This means screenshots of the app appear blank, and screen recordings do not capture the app's content. This protection is always active and requires no configuration.

Session Management

You can view all active sessions (devices where you are currently logged in) and revoke any session remotely. Sessions include automatic protections:

  • Inactivity warning at 28 minutes with no interaction
  • Automatic logout after 30 minutes of inactivity
  • Absolute session cap of 8 hours, regardless of activity
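The three session rules above (inactivity warning at 28 minutes, automatic logout at 30 minutes, absolute cap at 8 hours regardless of activity) plus remote revocation form a small state machine. The Python below is an added illustration of how such a policy is typically evaluated; it is not Forbidden Finance's own code, and the Session fields, session identifiers and the evaluate/touch/revoke helper names are assumptions made for the example. The important design point it shows is check ordering: revocation and the absolute cap are tested before idle time, so a late tap on the screen can never resurrect a session that the policy has already terminated.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Timers exactly as stated on the page.
INACTIVITY_WARNING = timedelta(minutes=28)
INACTIVITY_LOGOUT = timedelta(minutes=30)
ABSOLUTE_CAP = timedelta(hours=8)


@dataclass
class Session:
    session_id: str        # hypothetical identifier, constructed for this example
    device: str            # human-readable device label shown in a sessions list
    started_at: datetime   # when the user logged in (sets the absolute cap)
    last_activity: datetime
    revoked: bool = False  # set by remote revocation from another device


def evaluate(session: Session, now: datetime) -> str:
    """Return the session state at `now`.

    Possible values: 'revoked', 'expired_absolute', 'expired_idle',
    'warning', 'active'. Terminal reasons are checked first so that the
    strongest reason wins regardless of recent activity.
    """
    if session.revoked:
        return "revoked"
    if now - session.started_at >= ABSOLUTE_CAP:
        return "expired_absolute"
    idle = now - session.last_activity
    if idle >= INACTIVITY_LOGOUT:
        return "expired_idle"
    if idle >= INACTIVITY_WARNING:
        return "warning"
    return "active"


def touch(session: Session, now: datetime) -> bool:
    """Record user interaction at `now`.

    Returns False, and leaves the session untouched, when the session is no
    longer usable; only a live session gets its idle timer reset.
    """
    if evaluate(session, now) in ("revoked", "expired_absolute", "expired_idle"):
        return False
    session.last_activity = now
    return True


def revoke(sessions: list, session_id: str) -> bool:
    """Remote revocation: mark one session dead from any other device."""
    for s in sessions:
        if s.session_id == session_id:
            s.revoked = True
            return True
    return False


def active_sessions(sessions: list, now: datetime) -> list:
    """The 'where am I logged in' view: sessions not yet terminated."""
    return [s for s in sessions
            if evaluate(s, now) in ("active", "warning")]


if __name__ == "__main__":
    # Constructed sample: two devices logged in at 09:00 UTC.
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    phone = Session("s-phone", "iPhone", t0, t0)
    laptop = Session("s-laptop", "Laptop browser", t0, t0)
    sessions = [phone, laptop]
    for minutes in (10, 28, 30):
        print(minutes, "min idle ->", evaluate(phone, t0 + timedelta(minutes=minutes)))
    revoke(sessions, "s-phone")  # lost-phone flow from the FAQ
    print("after revoke:", [s.device for s in active_sessions(sessions, t0 + timedelta(minutes=5))])
```

The absolute cap is the edge case worth noting: a session kept alive by continuous interaction still returns expired_absolute once eight hours have passed since login, which is what the page means by "regardless of activity".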

Password Reset

If you forget your password, you can reset it through an email link flow directly from the login screen. The reset link is sent to your registered email address.

Tips

Set up a passkey as your first security action after creating your account. Passkeys are the strongest and most convenient authentication method available.
Enable biometric unlock so you do not have to type your password every time you return to the app. It adds convenience without sacrificing security.
Screen capture prevention is automatic on mobile, but it is not available on the web version. Be mindful of your surroundings when using Forbidden Finance in a browser.

Frequently Asked Questions

Is Forbidden Finance safe to use?

Yes. Forbidden Finance uses self-hosted authentication, encrypted connections, automatic session timeouts, and multiple MFA options. Your credentials never pass through third-party services.

Can someone take a screenshot of my financial data?

On mobile devices (iOS and Android), screen capture prevention is always active. Screenshots appear blank and screen recordings do not capture the app's content. On the web, this protection is not available, so use privacy mode in public.

What happens if I lose my phone?

Go to the web app and log in. Under Settings > Security > Sessions, revoke the session for your lost device. This logs out the app on that device immediately. If you had a passkey on that device, you can remove it and set up a new one on your replacement device.

Does Forbidden Finance sell my data?

No. Your financial data is yours. Forbidden Finance does not sell, share, or monetize your personal financial information.

Detailed Security Guides

Passkeys

Set up and use passkeys for phishing-resistant login.

Authenticator App (TOTP)

Set up a 6-digit code from an authenticator app.

Biometric Unlock

Enable Face ID, Touch ID, or fingerprint unlock.

Privacy Mode

Hide financial amounts on your dashboard.

Session Management

View and revoke active sessions.

Login Problems

Troubleshoot account access issues.

Need more help? Contact us at support@403fin.io.