Enforce Password Policy for Extensions
A password policy raises the security bar on every extension by controlling how strong its passwords must be. Weak or reused passwords are one of the easiest ways for an attacker to hijack an extension and run up toll fraud, so tightening these rules protects both the account and your call spend.
Each extension has two separate passwords, and the policy covers both:
- Registration password: the credential a device (an IP desk phone or a softphone, which is a phone app running on a computer or mobile) uses to register with the PBX (Private Branch Exchange, the phone system) so it can make and receive calls.
- User password: the password a person types to sign in to the Cloud Voice App.
Before you begin
Section titled “Before you begin”- Your PBX server must be running firmware 84.20.0.21 or later.
- Changing these settings requires administrator access to your phone system’s management portal, which you reach by logging in to the Cloud Voice Dashboard.
Configure the rules
Section titled “Configure the rules”-
Log in to the Cloud Voice Dashboard at https://voice.izt.cloud and click Login to open your phone system’s management portal, then open Security > Security Settings > Security Options.
-
Locate the Extension Password Rules section and adjust the settings described below.

Setting What it controls Minimum Character Length of User Password The fewest characters allowed in an extension’s user password, the password used to sign in to the Cloud Voice App. The password can be up to 63 characters, so the minimum you require cannot exceed 63. Minimum Character Length of Registration Password The fewest characters allowed in an extension’s registration password, the credential a device such as an IP phone or softphone uses to register. The password can be up to 63 characters, so the minimum you require cannot exceed 63. Extensions Are Not Allowed Reuse Any of Their Last {number} User Passwords When turned on, an extension cannot recycle any of its most recent user passwords when setting a new one. Enter a value from 1 to 20 to choose how many past passwords are blocked. -
Click Save.
What happens next
Section titled “What happens next”From this point on, the rules are checked whenever an extension is created or an extension password is changed, so any new password must satisfy the policy you defined.