The risks of fixed passwords and alternatives for secure unattended access

JeanK
JeanK Posts: 7,029 Community Manager 🌍
edited October 3 in Blog

Remote access solutions have become indispensable for businesses and individuals alike. Whether it's troubleshooting technical issues, accessing files, or collaborating with colleagues, the ability to remotely connect to devices is invaluable. However, as convenience increases, so do security concerns. One of the primary areas of vulnerability lies in the use of fixed passwords for unattended access. Let's dive into the risks associated with fixed passwords and explore more secure alternatives offered by TeamViewer. 

Risks of fixed passwords for unattended access 

Fixed passwords have long been used as a means of establishing unattended access to remote devices. This method involves setting a fixed password on the remote device, allowing authorized users to connect without requiring explicit permission from the device's owner. While seemingly convenient, relying solely on fixed passwords poses significant security risks: 

  1. Vulnerability to password guessing: Fixed passwords, especially if not sufficiently complex, are susceptible to password guessing. 
  2. Limited security measures: Fixed passwords lack the robust security features of modern authentication methods. They provide no inherent protection against unauthorized access attempts and offer minimal control over who can connect to the device. 
  3. Single point of failure: Since fixed passwords grant access to the device, compromising the password compromises the entire system. This creates a single point of failure, putting the device and its data at risk of exploitation or manipulation. 

Our best practices for unattended access 

TeamViewer recognizes the vulnerabilities associated with fixed passwords and offers secure alternatives to enhance the protection of remote devices and data.

Connect via Easy Access 

Instead of relying on fixed passwords, TeamViewer recommends assigning remote devices to user accounts or company profiles and using Easy Access for connections. Easy Access is a permission you assign to the manager of the device, allowing them to connect with a double-click without entering any TeamViewer ID or password. By associating devices with user accounts, the security extends beyond a simple password to the entire account, which can be fortified with additional layers of protection such as two-factor authentication

To learn the best practices on how to set up unattended access for your remote devices and how to enable two-factor authentication for your account, please read the following articles: 

Protect your remote devices with two-factor authentication for connections 

TeamViewer offers an additional layer of security through two-factor authentication for connections. This feature empowers users to bolster their authentication process beyond the classic TeamViewer ID and password connection method. With two-factor authentication for connections enabled, users can receive push notifications on their mobile devices, allowing them to promptly approve or deny connection attempts. By integrating this mobile-based verification, TeamViewer enhances security by requiring not only the fixed password but also real-time confirmation from the authorized user. Consequently, even if the fixed password is compromised, unauthorized access attempts can be thwarted through this secondary verification step. Learn how to set up two-factor authentication for connections now by reading this article

Elevate security with Conditional Access and Bring your own certificate 

For organizations looking to elevate their connection control to a higher level, TeamViewer offers Conditional Access. Conditional Access (available exclusively with TeamViewer Tensor) empowers organizations to control which devices, users, and user groups using TeamViewer Tensor have access to which data sources, services, and applications in your organization. With centralized oversight, administrators maintain control from a single location. Centralized rules management, accessible via the TeamViewer client interface or web app, offers flexibility in assigning permissions for remote sessions, file transfers, and meetings at the account, group, or device level. 

Moreover, to fortify the TeamViewer ecosystem, we provide the Bring your own certificate (BYOC) feature. All connections between TeamViewer clients utilize certificates to authenticate the identity of participants. BYOC enables users to utilize their own certificates for authentication, enhancing security independent of and complementary to TeamViewer certificates. Configurable for both incoming and outgoing connections, BYOC restricts connections to specific devices, bolstering security within the TeamViewer environment. 

Learn more about Conditional Access and Bring Your Own Certificate here.

Community Manager

Comments

  • VAGShirts
    VAGShirts Posts: 1

    I'm quite frustrated to find ourselves once again receiving instructions on how we must use TeamViewer, despite being full license holders.

    This ongoing oversight in communication is disheartening and reflects poorly on TeamViewer's commitment to its users.

    Furthermore, the recent overhaul of the user experience (UX) feels like a significant regression, simplifying what was once a powerful and robust application.

    I urge TeamViewer to prioritise the input of its paying customers and address these issues promptly. It's time to rectify these shortcomings and uphold the standard of excellence that TeamViewer WAS known for.

  • Yev
    Yev Posts: 1
    edited May 13

    At this rate **Third Party Product** will become a better option as soon as they add unattended connectivity.

  • Flonki
    Flonki Posts: 1

    /signed

  • BrentCHC
    BrentCHC Posts: 2

    Yes, the UI needs lots of love. I just want to be able to open the UI, find the machine i want to connect to and connect to it. All within a few seconds. I am not looking to "manage" the machine any further. Upgrading TV is nice, seems like a small pop up menu next to each machine would be sufficient. No idea why we need all the other stuff and 2 screens to get this portion.

  • Oliver_L
    Oliver_L Posts: 8

    A company must be committed to its paying custumers not to its users of free evaluation versions. Be happy that you may use the product for free but do not expect any support except if you pay for it.

  • Ying_Q
    Ying_Q Posts: 2,691 Moderator

    Hi @Oliver_L,

    Thank you for massenging us in the Community!

    May I ask what exactly happened with TeamViewer? Is there something I could help you on troubleshooting?

    Best,

    Ying_Q

    Community Moderator/中文社区管理员
  • Oliver_L
    Oliver_L Posts: 8

    Hi Ying_Q,

    no, thank you for asking. I am perfectly happy with your professional support as a paying customer.

    Kind regards
    Oliver

  • Indiana999
    Indiana999 Posts: 2

    As a long-time PAYING customer of TeamViewer, I completely agree with VAGShirts and BrentCHC. If TeamViewer truly values security, they wouldn't cap the number of 'managed' computers within our tenant. This forces us to use less-secure passworded connections within the classic interface. TeamViewer's new interface clearly had an agenda to make adding passworded connections ridiculously overcomplicated. And charging thousands more to increase our managed computer limit is nothing more than corporate greed.

    Remove the 'managed' computer limits and allow us to properly secure all of our managed computers. Since imposing these limits and new interface, I am seriously considering the migration to one of your competitors.

  • Where did wake on lan go?

  • done

  • 0903
    0903 Posts: 1
    edited October 21

    Thank you.

  • Oliver_L
    Oliver_L Posts: 8

    After some time I got used to it, migrated all customers and love it! No more stored password needed, now 2FA safe.
    It is ultra-fast and very efficient. Please leave it as it is and integrate you small refinements from time to time as usual.
    I am a paying customer for 10+ years, too.

Leave a Comment

Rich Text Editor. To edit a paragraph's style, hit tab to get to the paragraph menu. From there you will be able to pick one style. Nothing defaults to paragraph. An inline formatting menu will show up when you select text. Hit tab to get into that menu. Some elements, such as rich link embeds, images, loading indicators, and error messages may get inserted into the editor. You may navigate to these using the arrow keys inside of the editor and delete them with the delete or backspace key.