Security Settings
Configure security policies for your entire server — two-factor authentication enforcement, passphrase requirements, and more.
Enforce 2FA
Two-factor authentication is mandatory by default. The Settings tab shows whether the workspace requirement is enabled or disabled and labels the switch with the action it will take. If enforcement is enabled, all users without 2FA must complete setup before they can use the messenger.
Changing this policy requires confirmation. The confirmation explains the consequence: enabling enforcement sends users without 2FA through setup, while disabling enforcement makes 2FA optional unless users enable it themselves.
Minimum Passphrase Length
Set the minimum passphrase length for all users. The default minimum is 12 characters. You can adjust this between 6 and 128 characters and save the value from the policy card. This applies to new accounts and password changes — existing users are not forced to change their passphrase unless they reset it.
Account Lockout
Freedom Messenger automatically locks accounts after repeated failed login attempts. This protects against brute-force attacks. The lockout is temporary and resets after a cooldown period.
Rate Limiting
Built-in rate limiting protects your server from abuse. These limits are active by default and cannot currently be changed through the UI:
| Action | Limit |
|---|---|
| Login attempts | 20 per 15 minutes |
| Join (registration) | 10 per 15 minutes |
| TOTP verification | 10 per 5 minutes |
| File uploads | 20 per hour per user |
| Messages | 60 per minute per user |
| TURN credential requests | 5 per hour per user |
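The table above gives the limits but not how they are counted. The following is an added example, not Freedom Messenger's own code, showing how such limits are typically enforced with a sliding window over recent events, plus a temporary account lockout of the kind described under Account Lockout. The class names are invented; the login key (client IP) and the lockout threshold of 5 failures with a 15 minute cooldown are assumptions, since the page states no lockout numbers.

```python
"""Sliding-window rate limiting and temporary lockout (illustrative example)."""
from collections import defaultdict, deque

# Limits copied from the settings page: action -> (max events, window in seconds).
LIMITS = {
    "login": (20, 15 * 60),
    "join": (10, 15 * 60),
    "totp_verify": (10, 5 * 60),
    "file_upload": (20, 60 * 60),
    "message": (60, 60),
    "turn_credentials": (5, 60 * 60),
}


class SlidingWindowLimiter:
    """Allow at most `limit` events per `window` seconds for each (action, key).

    `key` is what the action is counted against: a client IP for login/join
    (assumption), the user id for the per-user limits.
    """

    def __init__(self, limits=LIMITS):
        self.limits = limits
        self.events = defaultdict(deque)  # (action, key) -> timestamps, oldest first

    def allow(self, action, key, now):
        limit, window = self.limits[action]
        q = self.events[(action, key)]
        # Forget events that have aged out of the window.
        while q and now - q[0] >= window:
            q.popleft()
        if len(q) >= limit:
            return False  # over the limit: reject without recording
        q.append(now)
        return True


class AccountLockout:
    """Lock an account after consecutive failed logins; the lock expires on its own.

    Threshold and cooldown are assumed values, not taken from the page.
    """

    def __init__(self, max_failures=5, cooldown=15 * 60):
        self.max_failures = max_failures
        self.cooldown = cooldown
        self.failures = defaultdict(int)
        self.locked_until = {}

    def is_locked(self, user, now):
        until = self.locked_until.get(user)
        if until is None:
            return False
        if now >= until:
            # Cooldown elapsed: clear the lock and the failure counter.
            del self.locked_until[user]
            self.failures[user] = 0
            return False
        return True

    def record_failure(self, user, now):
        self.failures[user] += 1
        if self.failures[user] >= self.max_failures:
            self.locked_until[user] = now + self.cooldown

    def record_success(self, user):
        self.failures[user] = 0


def simulate_login_burst():
    """Constructed scenario: 25 login attempts from one IP in 25 seconds,
    then one more once the first attempt has aged out of the 15 minute window.
    Returns (accepted, rejected, accepted_after_window)."""
    limiter = SlidingWindowLimiter()
    ip = "198.51.100.7"  # documentation-range address, constructed
    results = [limiter.allow("login", ip, t) for t in range(25)]
    later = limiter.allow("login", ip, 15 * 60)
    return results.count(True), results.count(False), later


def simulate_lockout():
    """Constructed scenario: five failures at t=0..4 lock the account;
    the lock is gone once the cooldown has passed."""
    lock = AccountLockout()
    for t in range(5):
        lock.record_failure("alice", t)
    return lock.is_locked("alice", 10), lock.is_locked("alice", 4 + 15 * 60)


if __name__ == "__main__":
    print(simulate_login_burst())  # (20, 5, True)
    print(simulate_lockout())      # (True, False)
```

Note the difference between the two mechanisms: the limiter rejects attempts beyond the window but never records them, so a client that keeps hammering does not extend its own penalty, while the lockout counts consecutive failures against the account and clears only on success or after the cooldown.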
Config File Permissions
The server enforces that config.toml has permissions set to 0600 (owner read/write only). If you run freedom-mess protect-secret, the master secret is stored as an encrypted envelope and the separate passphrase file must also be owner-only readable.
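A quick way to verify the permission rule before starting the server, as an added example that is not part of the freedom-mess tool: the check below reports any group/other bits, any special bits, wrong ownership, or a non-regular file (a symlink in place of the config is treated as a problem). The function names are invented and the demo creates a constructed config.toml in a temporary directory; it assumes a POSIX system, since the mode bits and `os.geteuid` do not apply on Windows. The same function can be pointed at the passphrase file written by protect-secret.

```python
"""Check that a secret-bearing file is owner-only (0600) on a POSIX system."""
import os
import stat
import tempfile


def permission_problems(path, allowed_mode=0o600):
    """Return a list of problems with `path`; an empty list means it is acceptable.

    Any permission bit outside `allowed_mode` is flagged, so 0640, 0644 and 0777
    all fail while 0600 passes. A stricter 0400 also passes this check; this is
    an assumption, the server itself may insist on exactly 0600.
    """
    problems = []
    st = os.lstat(path)  # lstat: do not follow a symlink silently
    if stat.S_ISLNK(st.st_mode):
        return ["is a symbolic link, expected a regular file"]
    if not stat.S_ISREG(st.st_mode):
        problems.append("not a regular file")
    if st.st_uid != os.geteuid():
        problems.append(f"owned by uid {st.st_uid}, not by the current user")
    mode = stat.S_IMODE(st.st_mode)
    extra = mode & ~allowed_mode
    if extra:
        problems.append(
            f"mode {mode:04o} has bits beyond {allowed_mode:04o}: {extra:04o}"
        )
    return problems


def demo():
    """Create a constructed config.toml, check it at 0644 and again at 0600.
    Returns (problems_at_0644, problems_at_0600)."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "config.toml")
        with open(path, "w") as f:
            f.write('[server]\nbind = "127.0.0.1:8080"\n')  # constructed content
        os.chmod(path, 0o644)
        loose = permission_problems(path)
        os.chmod(path, 0o600)
        strict = permission_problems(path)
    return loose, strict


if __name__ == "__main__":
    loose, strict = demo()
    print("0644:", loose)   # one problem reported
    print("0600:", strict)  # []
```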
Related
- Security Overview — detailed explanation of all security layers
- Managing Users — reset 2FA and passwords for individual users