The risks of fixed passwords and alternatives for secure unattended access
Remote access solutions have become indispensable for businesses and individuals alike. Whether it's troubleshooting technical issues, accessing files, or collaborating with colleagues, the ability to remotely connect to devices is invaluable. However, as convenience increases, so do security concerns. One of the primary areas of vulnerability lies in the use of fixed passwords for unattended access. Let's dive into the risks associated with fixed passwords and explore more secure alternatives offered by TeamViewer.
Risks of fixed passwords for unattended access
Fixed passwords have long been used as a means of establishing unattended access to remote devices. This method involves setting a fixed password on the remote device, allowing authorized users to connect without requiring explicit permission from the device's owner. While seemingly convenient, relying solely on fixed passwords poses significant security risks:
- Vulnerability to password guessing: Fixed passwords, especially if not sufficiently complex, are susceptible to password guessing.
- Limited security measures: Fixed passwords lack the robust security features of modern authentication methods. They provide no inherent protection against unauthorized access attempts and offer minimal control over who can connect to the device.
- Single point of failure: Since fixed passwords grant access to the device, compromising the password compromises the entire system. This creates a single point of failure, putting the device and its data at risk of exploitation or manipulation.
Our best practices for unattended access
TeamViewer recognizes the vulnerabilities associated with fixed passwords and offers secure alternatives to enhance the protection of remote devices and data.
Connect via Easy Access
Instead of relying on fixed passwords, TeamViewer recommends assigning remote devices to user accounts or company profiles and using Easy Access for connections. Easy Access is a permission you assign to the manager of the device, allowing them to connect with a double-click without entering any TeamViewer ID or password. By associating devices with user accounts, the security extends beyond a simple password to the entire account, which can be fortified with additional layers of protection such as two-factor authentication.
To learn the best practices on how to set up unattended access for your remote devices and how to enable two-factor authentication for your account, please read the following articles:
- Provide unattended remote support
- Two-factor authentication for your account (new interface)
- Two-factor authentication for your account (Classic interface)
Protect your remote devices with two-factor authentication for connections
TeamViewer offers an additional layer of security through two-factor authentication for connections. This feature empowers users to bolster their authentication process beyond the classic TeamViewer ID and password connection method. With two-factor authentication for connections enabled, users can receive push notifications on their mobile devices, allowing them to promptly approve or deny connection attempts. By integrating this mobile-based verification, TeamViewer enhances security by requiring not only the fixed password but also real-time confirmation from the authorized user. Consequently, even if the fixed password is compromised, unauthorized access attempts can be thwarted through this secondary verification step. Learn how to set up two-factor authentication for connections now by reading this article.
Elevate security with Conditional Access and Bring your own certificate
For organizations looking to elevate their connection control to a higher level, TeamViewer offers Conditional Access. Conditional Access (available exclusively with TeamViewer Tensor) empowers organizations to control which devices, users, and user groups using TeamViewer Tensor have access to which data sources, services, and applications in your organization. With centralized oversight, administrators maintain control from a single location. Centralized rules management, accessible via the TeamViewer client interface or web app, offers flexibility in assigning permissions for remote sessions, file transfers, and meetings at the account, group, or device level.
Moreover, to fortify the TeamViewer ecosystem, we provide the Bring your own certificate (BYOC) feature. All connections between TeamViewer clients utilize certificates to authenticate the identity of participants. BYOC enables users to utilize their own certificates for authentication, enhancing security independent of and complementary to TeamViewer certificates. Configurable for both incoming and outgoing connections, BYOC restricts connections to specific devices, bolstering security within the TeamViewer environment.
Learn more about Conditional Access and Bring Your Own Certificate here.
Community Manager
Comments
-
I'm quite frustrated to find ourselves once again receiving instructions on how we must use TeamViewer, despite being full license holders.
This ongoing oversight in communication is disheartening and reflects poorly on TeamViewer's commitment to its users.
Furthermore, the recent overhaul of the user experience (UX) feels like a significant regression, simplifying what was once a powerful and robust application.
I urge TeamViewer to prioritise the input of its paying customers and address these issues promptly. It's time to rectify these shortcomings and uphold the standard of excellence that TeamViewer WAS known for.
0 -
At this rate **Third Party Product** will become a better option as soon as they add unattended connectivity.
0 -
Yes, the UI needs lots of love. I just want to be able to open the UI, find the machine i want to connect to and connect to it. All within a few seconds. I am not looking to "manage" the machine any further. Upgrading TV is nice, seems like a small pop up menu next to each machine would be sufficient. No idea why we need all the other stuff and 2 screens to get this portion.
1 -
A company must be committed to its paying custumers not to its users of free evaluation versions. Be happy that you may use the product for free but do not expect any support except if you pay for it.
0 -
Hi Ying_Q,
no, thank you for asking. I am perfectly happy with your professional support as a paying customer.
Kind regards
Oliver1 -
As a long-time PAYING customer of TeamViewer, I completely agree with VAGShirts and BrentCHC. If TeamViewer truly values security, they wouldn't cap the number of 'managed' computers within our tenant. This forces us to use less-secure passworded connections within the classic interface. TeamViewer's new interface clearly had an agenda to make adding passworded connections ridiculously overcomplicated. And charging thousands more to increase our managed computer limit is nothing more than corporate greed.
Remove the 'managed' computer limits and allow us to properly secure all of our managed computers. Since imposing these limits and new interface, I am seriously considering the migration to one of your competitors.
1 -
Where did wake on lan go?
0 -
After some time I got used to it, migrated all customers and love it! No more stored password needed, now 2FA safe.
It is ultra-fast and very efficient. Please leave it as it is and integrate you small refinements from time to time as usual.
I am a paying customer for 10+ years, too.0 -
could not set person password
0 -
2SA is all that's needed. Text or email to verify License user for any remote, License user is trying to connect to. Let's not complicated it, please.😎
0