Security Lock Enhancement FAQ

This article will provide an overview of what to expect with the locking feature applied to the bvoip phone system.

Updated at July 27th, 2024

In aligning with industry standards and requirements, bvoip has applied a change to make our phone system even more secure than ever.  Many of the commonly used SaaS solutions like Office365 have already instituted mandatory MFA. There is no way to opt out of this security enhancement. 

Why The Enhancement is Important

As many of you know, security is no longer something that can be avoided. I'm sure that many of you have recently seen Cyber Insurance Questionnaires for yourselves and your end customers with the question about enforced MFA. The off-the-shelf product underneath the hood did NOT have an enforce MFA option, which needed to address in addition to many other things that will come up shortly. This is not the only reason but it is an unavoidable one. 

Logging Directly into 3CX?

If you are logging into the 3CX directly and not using the bvoip control portal, an error message will now appear citing that there is a bad attempt notice. To avoid this, please log into the bvoip control portal to manage the phone system.

If you need assistance with logging into the bvoip phone system, please contact our support team. 

 

How User Accounts Are Affected

If your end user was given admin access to the underlying phone system management portal, they will be affected by this change. However, if the end user has a standard extension or user access, they will not be affected by the security enhancement.

How to Adjust User Access

If your end user has admin access and there is a need to adjust their role further so that they can have access to the phone system, limited access can be granted to your end user in the bvoip control portal. If you need assistance on how to manage your users' access, please see the User Management Guide.

User Number Limit

There is no limit to the number of users that can be added into the control portal. 

 

Extending the Unlock Period 

At the moment, the unlock time can be adjusted. The idea here is to reduce risk, so the time allotted to be logged into the restricted section can be adjusted on an as needed basis prior to logging in. 

Importing Passwords into a Management Tool

At this time, there is not an active integration to import passwords into a password management tool, such as IT Glue. It is prudent to understand that should an integration be available in the future, that the username/password alone would not be enough security and that the unlock would need to still be triggered from the control portal.