How to force user to use two factor authentication

ShermaineW
ShermaineW Posts: 6 ✭✭
edited October 2021 in General questions

Hi Expert,

I have setup 2 factor authenticatiom on the company administrator account by edit the profile. however it seems each user can turn on/off of that features at their own settings. I am thinking if there is a way we can enforce this feature for all users?

Thanks a lot

Shermaine

Best Answer

«1

Answers

  • Is there a way to force a server to only accept 2 factor authentication?
  • JBergonje
    JBergonje Posts: 5 Staff member 🤠

    The two factor authentication is a security feature available for TeamViewer accounts not for devices, there is no way to force the accounts or devices that are going to connect to a server or any device to use two factor authentication on the connection, I repeat the two factor authentication is only related to the account and to log in with the account on TeamViewer, not to connect to devices.

    Hope this information is useful for you

  • Is there any update on this feature?

    I'm unfortunately pressed for time and if the feature won't be available by Feb 2018 i will need to find another solution.

    Thanks!

  • We would also like this feature.

  • Any progress made in 2018 already? :manvery-happy:

    This is noticed as solution.. So maybe I'm missing something

  • taemo
    taemo Posts: 2

    interested on this as well.

    I don't see a way to enforce 2FA is enabled with policies.

    No report either to tell me if a user has 2FA enabled nor a way to remove their 2FA in case they need to.

     

  • JBergonje
    JBergonje Posts: 5 Staff member 🤠

    There is no policie available to enforce the 2 factor authentication on the user accounts of a license, this always have to be set by each user, due to privacy policies there is no reports available neither about the 2 factor authentication use, to deactivate it the user will have to login on the application and desable the option on the profile or use the deactivation code provided by the system when the option was enable for the account

  • taemo
    taemo Posts: 2

    Are there any plans to have those functions added on TeamViewer?

    As someone that is responsible to manage TeamViewer for an organization, I would like to enforce those policies for security and logging purposes

     

  • JBergonje
    JBergonje Posts: 5 Staff member 🤠

    I understand your situation but due to the privacy policies of TeamViewer I don't think this option will be available anytime soon, the 2 factor authentication is a security option for the accounts registered on TeamViewer, each owner of the accounts needs to decide to use that option or not. 

  • Then why not set it up to disallow a user to access the company unless the feature is set up?

    This a PCI issue when remoting into the system, if the user has taken it upon themselves to remove the two factor then the company is held liable.

  • The remote system being accessed needs to be considered an asset of the owner, and as the owner, we need to be able to dictate how guests can access. It is not unreasonable to prompt a TeamViewer user with a warning: "The security on the remote system requires guests to have Two Factor Authentication enabled. Please enabled 2FA or contact the remote system administrator for access."

    We are using TeamViewer for mission critcal busiess, and the response to this concern is an indication of how seriously TeamViewer considers modern securty concerns. It is not uncomon to defend the use of TeamViewer vs Bomgar. https://www.bomgar.com/verify

     

  • It's unfortunate that TeamViewer really is a nice piece of software.  But with a short minded and immobile vision that refuses to listen to its corporate paid subscribers (we, for example, use the yearly subscription license and have 12 channels) it seems like it's time to pick a better and newer product that is willing to keep up with the growing market and adapt to its client needs.

    Unfortunate indeed

  • jeremiahmiller
    jeremiahmiller Posts: 3 ✭✭

    For personal accounts this makes sense. But for corporate accounts we need to be able to enforce this option via policy. Or at the very least prevent access to Company assets until 2FA is set up.

  • TV-ME
    TV-ME Posts: 3

    Yeah, we need to force this. I asked for this since the beginning of 2fa as a corporate customer and still not implemented. Theoretically all our technicans can deactivate 2fa by their own. That is a huge risk!

  • sbohmer
    sbohmer Posts: 3 ✭✭
    Not solved.
  • My organization requires MFA on all remote connections.  We have been waiting for Teamviewer to step up and enable this feature to be forced.  This is a huge security risk.  We will start to look at other providers for remote access at this point.

  • Is this feature enabled yet?

  • Spoiler
    Unfortunately Teamviewer is refusing to add this citing privacy issues in doing so.  We have started to evaluate **Third Party Product** to replace our current Teamviewer deployment.  
  • bmaestas
    bmaestas Posts: 1
    AGREED!!!
  • RSHBM
    RSHBM Posts: 2 ✭✭

    @JBergonje wrote:

    I understand your situation but due to the privacy policies of TeamViewer I don't think this option will be available anytime soon, the 2 factor authentication is a security option for the accounts registered on TeamViewer, each owner of the accounts needs to decide to use that option or not. 


    I really do hope that this is not an offical statement of TeamViewer company, as it would disqualify your product for corporate use in companies that care about laws, security and compliance regulations! 

  • jeremiahmiller
    jeremiahmiller Posts: 3 ✭✭

    Agreed.

    I don't see how requiring 2FA is a "privacy" concern. If a technician is part of our corporate account, we should be able to require them to have 2FA and prevent them from accessing our protected assets until they meet the requirements. This is not a privacy issue, it's basic compliance with security and legal requirements.

  • jeremiahmiller
    jeremiahmiller Posts: 3 ✭✭

    Do you have any update on this feature request please? It's been more than 2 years since the original post

  • sbohmer
    sbohmer Posts: 3 ✭✭

    Yes...this!  ThomasL for president.

  • Hi Julia,

    That was a nice reply - more than 3 years ago...
    I believed that Teamviewers policy is to solve solutions on a very hight security level.

    Today it is common standard to give a company the possibility to build up its internal security standards on web applications/services.

    So, really, please do your homework and follow up this important security feature. The missing feature actually keep us from upgrading our subscription.

    All the best,
    Mirko

  • Any update on this yet?