Security

Dear Community,

Today I read an article here: https://www.binarydefense.com/threat_watch/fbi-warns-of-teamviewer-and-windows-7-usage/#:~:text=The%20alert%2C%20called%20a%20Private,internal%20networks%20and%20access%20policies.

If I install the latest version of TeamViewer on all the computers, do I still have a security problem? Some of my customers have approached me about this.

Answers

  • Natascha
    Natascha Posts: 1,591 Moderator

    Hi @sunnydata

    Thank you for your post.

    TeamViewer is safe to use. The referenced event was not caused by a software vulnerability issue. According to media reports it seems to be related to inadequate cyber hygiene with a weak password openly shared among a larger group of people.

    Generally, we encourage you to make use of TeamViewer’s password-less Easy Access functionality and optionally configure an AllowList as the most secure setup for unattended access. We also recommend using 2FA for your TeamViewer account. If you set up an optional personal password for unattended access, please make sure to follow best practices for password complexity and do not share it with anyone.

    You will find all relevant information in the following articles:

    • Easy Access
    • Block and allowlist
    • Two-Factor-Authentication

    Please feel free to contact us at any time for any additional questions.

    All the best,

    Natascha

    German Community moderator 💙 Moderator of the German-speaking community

  • DaveNVa
    DaveNVa Posts: 0

    In light of the recent hack on the water treatment plant in Oldsmar, Florida using TeamViewer as the vector, I have some questions as to the level of protection TeamViewer's two-factor authentication mechanism provides. From personal experience using this feature, it seems to ONLY affect TeamViewer logins for registered users. This does NOT, however, prevent a non-authenticated user from installing TeamViewer on a previously unspecified machine, entering a TeamViewer machine ID and the correct password and then gaining remote access to the remote device.

    I assume that there are other security controls such as "whitelists" to prevent unknown machines from connecting to machines covered under your organization's account and that use of strong random passwords significantly reduces the possibility of unauthorized access. However, none of these security controls are as effective as two-factor authentication, which TV is advertising as "securing" the application. So the question is, why is two-factor authentication not required for remotely connecting to a machine in your organization?

  • Esther
    Esther Posts: 4,052 Former Community Manager

    Thanks for your feedback @DaveNVa. Yes, the Two-Factor-Authentication protects TeamViewer accounts. As stated above, we encourage everyone to make use of TeamViewer's password-less Easy Access functionality and optionally configure an AllowList as the most secure setup for unattended access. In combination with the Two-Factor-Authentication, this protection covers accessing the account as well as any machine you are supporting via TeamViewer.

    Please see the above reply from @Natascha for some helpful links with more information.

    Regarding the Two-Factor-Authentication not being required for remotely connecting to a machine in your organization, we encourage every admin to make this a mandatory requirement for the organization via the above measures. 

    Thanks and best, Esther

    Former Community Manager

  • DaveNVa
    DaveNVa Posts: 0

    Thank you for your explanation Esther. If I understand correctly, in order for two-factor authentication to apply to any and all remote connections to a device, the device MUST have one of the following two configurations:

    1. If Allow ONLY lists are not employed, then: Easy Access is ENABLED. Both random passwords AND personal passwords are DISABLED, meaning that the only possible authentication mode is "Easy Access". ALL users granted Easy Access use two-factor authentication.
    2. If Allow ONLY lists are employed, then: ALL contacts in the allow list use two-factor authentication. Easy Access is optional.

  • Esther
    Esther Posts: 4,052 Former Community Manager

    Hi Dave,

    Yes - but keep in mind you need to set/disable these options by yourself. There is no automatic disabling of random passwords and personal passwords when you activate Easy Access.

    Same for your 2nd point: Easy Access is optional, and if you don't activate it, you need random/personal passwords to connect.

    However, we recommend enabling Easy Access and using an AllowList.

    Thanks, Esther

    Former Community Manager
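
The two configurations listed in the thread, together with the note that passwords are not disabled automatically when Easy Access is activated, can be checked across a device inventory. This is an added example, not part of the thread and not TeamViewer's own code; the record fields, device names and accounts are hypothetical and the data is constructed.

```python
from dataclasses import dataclass, field

# Hypothetical inventory record; field names are illustrative, not TeamViewer settings keys.
@dataclass
class Device:
    name: str
    easy_access: bool = False
    random_password: bool = True      # stays on until an admin disables it
    personal_password: bool = False
    allow_only: list = field(default_factory=list)            # empty = no allow-only list
    easy_access_accounts: list = field(default_factory=list)

def audit(dev, accounts_with_2fa):
    """Return the reasons a connection to dev could bypass 2FA (empty list = none)."""
    findings = []
    if dev.allow_only:
        # Configuration 2: only listed contacts can connect, so each one needs 2FA.
        for acct in dev.allow_only:
            if acct not in accounts_with_2fa:
                findings.append(f"allow-listed account without 2FA: {acct}")
        return findings
    # Configuration 1: no allow-only list, so Easy Access must be the only way in.
    if not dev.easy_access:
        findings.append("Easy Access disabled: password is the only authentication")
    if dev.random_password:
        findings.append("random password still enabled")
    if dev.personal_password:
        findings.append("personal password still enabled")
    for acct in dev.easy_access_accounts:
        if acct not in accounts_with_2fa:
            findings.append(f"Easy Access account without 2FA: {acct}")
    return findings

# Constructed sample data.
TWO_FA = {"alice@example.com", "bob@example.com"}
FLEET = [
    Device("hmi-01", easy_access=True, random_password=False,
           easy_access_accounts=["alice@example.com"]),
    Device("hmi-02", easy_access=True, easy_access_accounts=["alice@example.com"]),
    Device("hmi-03", allow_only=["bob@example.com", "carol@example.com"]),
]

def audit_fleet(fleet=FLEET, two_fa=TWO_FA):
    """Map each device name to its list of findings."""
    return {d.name: audit(d, two_fa) for d in fleet}

if __name__ == "__main__":
    for name, findings in audit_fleet().items():
        print(name, "OK" if not findings else findings)
```

Here hmi-02 is flagged even though Easy Access is on, because its random password was never switched off.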