Web Access Security

Secure the web access of your PBX.

Web Access Protocol

Yeastar S-Series VoIP PBX supports HTTPS and HTTP protocol of web access. You can go to Settings > System > Security > Service to change the web access settings.

To secure transactions and prevent unauthorized access, we suggest you:

  • Use HTTPS protocol
  • Disable Redirect from port 80.
  • Change the default web access port.

    Avoid using well known port, such as 80 and 443.

Password of Web Login

To ensure the web access security, it is recommended to regularly change the login password. There are two ways to modify the password of web login:
Manually change the password
  1. On the PBX web interface, click your account at the top-right corner, then click My Settings.

  2. In My Settings pop-up window, do as follows to change the password.

    • In the Old Password field, enter your old password.
    • In the New Password field, enter the new password.
      Note: The new password should meet all the following requirements depending on whether the Allow Weak Password option is enabled (Path: Settings > System > Security > Service).
      Strong password

      (The "Allow Weak Password" option is disabled)

      		 Basic password

      (The "Allow Weak Password" option is enabled)
      • At least 10 characters
      • At least 1 uppercase letter
      • At least 1 lowercase letter
      • At least 1 digit
      • Consecutive numbers are not allowed (e.g., 4567)
      • At least 8 characters
      • At least 1 uppercase letter
      • At least 1 lowercase letter
      • At least 1 digit
    • In the Retype New Password field, enter the new password again.
    • In the Email Address field, enter an email address, which is used to receive password reset emails when you forget it.
    • Click Save.
Forced to change the password after login
When you log in the PBX web interface using a weak password with the Allow Weak Password option disabled (Path: Settings > System > Security > Service), a password change window automatically pops up. You are forced to change the weak password to a strong one.

In the password change window, do as follows:

  1. In the Old Password field, enter the old weak password.
  2. In the New Password field, enter the new password.
    Note: The new password should meet all the following requirements.
    • At least 10 characters
    • At least 1 uppercase letter
    • At least 1 lowercase letter
    • At least 1 digit
    • Consecutive numbers are not allowed (e.g., 4567)
  3. In the Retype New Password field, enter the new password again.
  4. In the Email Address field, enter an email address, which is used to receive password reset emails when you forget it.
  5. Click Save.

Login Settings

Go to Settings > System > Security > Service to change the login settings.

  • Auto Logout Time: The PBX will logout automatically after the period of inactivity.
  • Login Mode: By default, the PBX allows Extension login mode. We suggest you to choose Email login mode.
    • Extension: Users can use extension number as the username of web login.
    • Email: Users can use their email addresses as the username of web login.
    Note: The super administrator should use admin as the username of web login.

Login Attempts

For login protection, the PBX will block an web address after 3 login attempts.

The blocked user should try to log in the PBX web interface after 10 minutes.