diff --git a/docs/authentication.md b/docs/authentication.md
index 5a42a87a..694dbe9d 100644
--- a/docs/authentication.md
+++ b/docs/authentication.md
@@ -18,6 +18,12 @@
   - [OAuth Services](#oauth-services)
   - [Auth on Cloud Hosting Services](#static-site-hosting-providers)
 
+
+> [!IMPORTANT]
+> Dashy's built-in auth is not indented to protect a publicly hosted instance against unauthorized access. Instead you should use an auth provider compatible with your reverse proxy, or access Dashy via your VPN. 
+>
+> In cases where Dashy is only accessibly within your home network, and you just want to add a login page, then the built-in auth may be sufficient, but keep in mind that configuration can still be accessed.
+
 ## Built-In Auth
 
 Dashy has a basic login page included, and frontend authentication. You can enable this by adding users to the `auth` section under `appConfig` in your `conf.yml`. If this section is not specified, then no authentication will be required to access the app, and the homepage will resolve to your dashboard.