7.5.18 The "Security" tab
This tab is used to set the encryption mode and password rules for SwyxServer in general.
Encryption settings
Encryption mode is determined globally for SwyxServer in this area, which means the settings you choose here will influence the encryption settings in user and trunk properties.
If you set the encryption mode to "No encryption" here, the mode in the user and trunk properties is likewise set to "No encryption"; if you select "Encryption mandatory" here, then the setting "Encryption mandatory" also appears there. In both cases, the mode cannot be changed within the user and trunk properties. The field is then deactivated.
* 
A change of the encryption mode requires a restart of all client devices.
 
* 
The SwyxLink trunk and the SIP trunk are exceptions in this context. In the SwyxLink trunk, the encryption mode is taken from the server settings and cannot be changed. You can configure encryption for SIP trunks in the SIP trunk group settings. See Exceptions.
 
Password settings
In this area, you can force password rules for better user account protection.SwyxWare-Administrators and users will then have to meet additional security conditions when logging on to SwyxServer.
* 
Logging on to terminal devices and SIP registrations as well as authentication via Windows user accounts are not affected by these password settings.
 
The default configuration is for all rules to be deactivated.
The following rules can be configured:
*Force complex user passwords:
If this control field is activated, only those user passwords will be permitted that are at least eight characters long and meet at least three of the following four character classes:
- upper-case letters such as: [A-Z]
- lower-case letters such as: [a-z]
- Numbers [0-9]
- Non-alphanumeric characters (special characters), such as: Dot, comma, brackets, space, double cross (#), question mark (?), percent sign (%), ampersand (&).
* 
Alphabetic characters (such as: ß, ü, ä, è, ô) and non-Latin characters (such as: φ, π, β) are no special characters and are regarded as letters.
 
* 
In SwyxON, the policy for complex passwords is enforced by default and cannot be overridden by any administrator.
 
* 
When the "force complex password" rule is activated in server configuration and/or user configuration, then the user will be able to continue to use the current password until the user decides to change the password or until the administrator forces password change.
You can force users to change their passwords or to use complex passwords. See 11.2.1.2 The "Authentication" Tab.
 
* 
If the "Force complex user password" option is enabled for the user, the last passwords of the user will be taken into account during the change. The user cannot reuse the last three passwords.
 
* 
Regardless of the password settings, an attempt to re-enter the current password during password change will be checked by the system and will not be permitted.
 
*Deactivate user after failed login attempts
 
If this checkbox is activated, then the system will lock user account based on a predetermined number of failed login attempts (e.g. password entered incorrectly multiple times). The corresponding users will be deactivated and will not be able to use terminal devices or clients.
This option can only be used together when the parameter "Number of unsuccessful logins before deactivation" is set.
* 
Following activation, this rule will apply for all users and administrators. System administrators are the only ones who are not locked.
 
* 
Only an administrator can activate a user. See 11.4 Activate/deactivate or delete users.
 
*Number of unsuccessful logins before deactivation.
This entry field is used to set the number of attempts a user may use to SwyxServer login. Only values "3" to "20" are used.
* 
The number of failed log-in attempts will be reset for the corresponding user after one successful login. After resetting the SwyxServer services or after changing between master and standby server, this number is reset to zero for all users.
 
* 
The number of failed log-on attempts is irrelevant, when the administrator has established a forced password change, and the user attempts to log-on with his/her previous password.
 
If a user has been deactivated, then the user will be shown the corresponding notification and an instruction to contact the administrator. See 7.1.2 Limited number of log-in attempts.
Log in settings
The user name in UPN format should be used for logging on to SwyxWare Administration and clients.
In this area, you can configure a UPN-Suffix.