Within the Faspex Server Web UI, go to Server > Configuration > Security to view and/or modify your server's security settings for user accounts, transfers and packages.

Faspex accounts

Configuration Option	Description
Session timeout	Sessions will timeout after the specified number of minutes of inactivity.
Deactivate users	Deactivate the user account when login attempts fail under the specified circumstance.
Prevent concurrent login (checkbox)	If enabled, users can only be logged in from one client at a time.
Use strong passwords (checkbox)	If enabled, require newly created passwords to contain at least one letter, one number and one symbol. Note that existing passwords will remain valid.
Allow sending packages to outside email addresses (checkbox)	When enabled, Faspex packages can be sent to people who do not have Faspex accounts. Additional configuration options for this function can be found on this page, within the section Packages sent to outside email addresses. In addition to the settings on this page, you must also enable this behavior within an individual user's account by checking the option for Sending to external email. Please refer to Creating a New Faspex User for additional information.
Use Encryption-at-Rest (EAR) (radio buttons and checkbox)	Always: Always use EAR. When enabled, users will be required on upload to enter a password to encrypt the files on the server. Subsequently, recipients will be required to enter the password to decrypt protected files as they are being downloaded. Note that if a user elects to keep downloaded files encrypted, then they do not need to enter a password until they attempt to decrypt the files locally. This feature is not fully enforced unless the Faspex Server Administrator also updates the aspera.conf configuration file (which is not automatically modified by Faspex). The Administrator may update aspera.conf manually, as well as using the Aspera Enterprise Server GUI. For additional information, please refer to Note on Encryption at Rest. Never: (this is the default for new installations) Do not use EAR Optional: User may choose at send time whether to encrypt or not Allow dropboxes to have their own encryption settings: (off is the default for new installations): If this global setting is unchecked, you cannot set EAR for individual dropboxes. If checked, you can adjust EAR settings for each dropbox. Please see Create and Manage Dropboxes for details.
Require workgroup admins to specify expiration date when creating accounts (checkbox)	When enabled, a workgroup or dropbox admininistrator must specify an account expiration date upon creating a new Faspex user who will belong to a given workgroup or dropbox.

Packages sent to outside email addresses

Configuration Option	Description
Package link expires (checkbox)	When enabled, the package link will expire after the specified number of days.
Expire after	Number of days before the package link expires.
Expire after full package download (checkbox)	If this checkbox is enabled, the package link will expire after one (1) download (which applies when the link is forwarded, as well). After the first download, the file(s) must be resent in a new package--via the Faspex Server--for the recipient to be able to download them again.