If you want to strengthen the security of your endpoint device, you can deploy strong device encryption that is derived from a user password. The encryption is applied to all partitions that can contain user data, e.g. browser history or Custom Partitions.
Menu path: Security > Device Encryption
Device encryption mode
- Keep: The default encryption scheme is maintained. If a password has been set, it will remain unchanged.
- Activate: The device will be re-encrypted using strong encryption methods when the user enters the password for the first time. It is strongly recommended to enforce the use of a strong password; see Minimum Password Length and the subsequent password settings. The re-encryption may take about 10 to 60 seconds; the duration depends on the hardware performance and the size of the Custom Partition.
Deactivate: The device will be re-encrypted back to the default device encryption scheme on the next boot. The re-encryption may take about 10 to 60 seconds.
Only applicable if device encryption is enabled. The user can change the password for device encryption.
- PW: Password authentication. In this version of IGEL OS, this is the only available authentication type.
- Auto, constant-time: The password aggregation function that fits best with the defined Target time delay (ms) is selected.
- Auto, at least level: The security level will be at least as high as the value selected by Password aggregation function; if the Target time delay (ms) allows for a higher security level, the higher security level will be used.
- Manual: The Password aggregation function can be set manually, irrespective of the delay time specified by Target time delay (ms).
Target time delay (ms)
Maximum time that should be consumed by the password aggregation function. This delay is effective when the user enters the device encryption password on boot or changes the device encryption password.
Password aggregation function
Security level of the encryption.
- I: Argon2id, 8M/7 ops
- II: Argon2id, 128M/3 ops
- III: Argon2id, 256M/3 ops
- IV: Argon2id, 512M/3 ops
- V: Argon2id, 1024M/4 ops
- VI: Argon2id, 128M/4 ops
Minimum password length
Minimum number of characters the password must be composed of
Unwanted strings in password (comma separated)
Comma-separated list of strings that must not be contained in the password
The password must contain
Defines whether all of the subsequent minimum requirements (minimum amount of lower case letters etc.) must be fulfilled, or 2, or 3 of them.
- 2 of
- 3 of
Minimum amount of lower case letters
The minimum amount of lower case letters
Minimum amount of upper case letters
The minimum amount of upper case letters
Minimum amount of numbers
The minimum amount of numbers
Minimum amount of special characters
The Minimum amount of special characters
Special characters allowed
List of all non-alphanumerical characters that are allowed in the password, without separators