The "Security" tab

This tab is used to set the encryption mode and password rules for SwyxServer in general.

Encryption mode is determined globally for SwyxServer in this area, which means the settings you choose here will influence the encryption settings in user and trunk properties.

If you set the encryption mode to "No encryption" here, the mode in the user and trunk properties is likewise set to "No encryption"; if you select "Encryption mandatory" here, then the setting "Encryption mandatory" also appears there. In both cases, the mode cannot be changed within the user and trunk properties. The field is then deactivated.


	A change of the encryption mode requires a restart of all client devices.


	The SwyxLink trunk and the SIP trunk are exceptions in this context. In the SwyxLink trunk, the encryption mode is taken from the server settings and cannot be changed. You can determine encryption for SIP trunks in the SIP trunk group settings. For further information please refer to Exceptions.

In this area, you can force password rules for better user account protection.SwyxWare-Administrators and users will then have to meet additional security conditions when logging on to SwyxServer.


	Logging on to terminal devices and SIP registrations as well as authentication via Windows user accounts are not affected by these password settings.

If this control field is activated, only those user passwords will be permitted that are at least eight characters long and meet at least three of the following four character classes:

- Non-alphanumeric characters (special characters) such as: - periods, commas, brackets, blanks, hash tags (#), question marks (?), percent signs (%), ampersands (&).


	Alphabetic characters (such as: ß, ü, ä, è, ô) and non-Latin characters (such as: φ, π, β) are no special characters and are regarded as letters.

New users must change their password the first time they perform a login

When this checkbox is activated, newly configured users will be required to reset their password themselves after the first login so that users will be the only person who know their passwords.


	Existing user accounts will remain unaffected by the "force complex user passwords" rule until a user changes a password on the user's own volition or the administrator forces a password change for a user. You can force users to change their passwords or to use complex passwords. For further information please refer to chapter The "Authentication" Tab.


	It is impossible to use the previous password again.

A corresponding dialog window will appear at login indicating brief instructions when a user's account data needs to be adjusted to the server and user rules configured. For further information please refer to Registration on SwyxWare Administration.

If this checkbox is activated, then the system will lock user account based on a predetermined number of failed login attempts (e.g. password entered incorrectly multiple times). The corresponding users will be deactivated and will not be able to use terminal devices or clients.

This option can only be used together when the parameter "Number of unsuccessful logins before deactivation" is set.


	Following activation, this rule will apply for all users and administrators. System administrators are the only ones who are not locked.


	Only an administrator can activate a user. For further information please refer to chapter Activate or deactivate users.

This entry field is used to set the number of attempts a user may use to SwyxServer login. Only values "3" to "20" are used.


	The number of failed log-in attempts will be reset for the corresponding user after one successful login. After resetting the SwyxServer services or after changing between master and standby server, this number is reset to zero for all users.


	The number of failed log-on attempts is irrelevant, when the administrator has established a forced password change, and the user attempts to log-on with his/her previous password.

If a user has been deactivated, then the user will be shown the corresponding notification and an instruction to contact the administrator. For further information please refer to Limited number of log-in attempts.