How to Lock Down TeamViewer for More Secure Remote Access

Posted on

TeamViewer is a good free program, whether or not you need to entry your laptop from afar or assist out mates and relations with their laptop. However its default settings are remarkably insecure, as an alternative favoring ease of use. Right here’s how to lock down TeamViewer so you may make use of its options with out opening your self up to assault.

The Drawback with TeamViewer

Again in 2016, there was a rash of computer systems compromised by way of TeamViewer. And simply now, in December 2017, TeamViewer was pressured to concern an emergency repair for a severe vulnerability in this system. Even when there aren’t any obtrusive safety holes or widespread assaults, although, it’s very simple for a TeamViewer person to have their laptop compromised in the event that they don’t have all the best settings so as. And in case you have a look at studies of previous compromised machines, most victims have been utilizing an unsecured setup.

By default, TeamViewer isn’t a very safe software. It favors ease of use over difficult-to-navigate safety procedures. That is helpful once you’re attempting to assist your dad remedy his laptop woes from throughout the nation: you may have him obtain a single file, run that file, have him provide the easy numeric laptop ID and password, and increase, you’re controlling his laptop and fixing the disaster. However leaving TeamViewer in that straightforward first-run mode (which actually ought to solely be utilized in such a easy state for these one off emergencies) is simply asking for hassle.

TeamViewer has tons of safety choices you may toggle on and tweak, nevertheless, and it’s very easy to go from a not-secure TeamViewer expertise to a very safe TeamViewer expertise with solely a little bit tinkering.

Earlier than we proceed, nevertheless, there are some things we’d such as you to remember whereas studying by way of the tutorial. First, not each particular person wants to activate each choice we propose. You want to steadiness your wants and workflow in opposition to the safety adjustments you make—you wouldn’t need to, for instance, activate the function that requires a person on the laptop to settle for the incoming TeamViewer request in case you’re utilizing TeamViewer to join to your personal unattended laptop.

Second, if TeamViewer is put in in your laptop by way of your work, by a tech help firm you’ve employed, or by a relative who helps troubleshoot and keep your laptop, we’d encourage you to learn over this text (and doubtlessly benefit from a few of the suggestions) however to additionally seek the advice of with the particular person in control of your TeamViewer expertise.

Fundamental Safety Practices

Earlier than we get into the nitty-gritty of TeamViewer’s settings, let’s discuss a couple of fundamental safety practices (that, frankly, apply to nearly any program, not simply TeamViewer).

Exit TeamViewer, and Run It Solely When You Want It

Our first suggestion is each a right away motion you want to take and a common suggestion for future use. First, compromises are sometimes a results of poor safety practices, we’re going to do one factor straight away: shut TeamViewer briefly off and replace it, and, whereas the appliance is turned off, we’re going to replace the safety in your TeamViewer account by way of the corporate’s webpage. (More on this within the subsequent part.)

As a common future consideration, solely run the TeamViewer software once you want it. That approach, even when there’s a vulnerability in this system (just like the one simply found and patched), you received’t be in practically as a lot hazard. An software that isn’t working can’t trigger any hassle for you. Whereas we perceive that some folks hold TeamViewer on 24/7 as a part of their workflow, and in case you completely have to, high-quality. However in case you solely use it sometimes in your house, otherwise you’re one of many individuals who solely turns it on to sometimes troubleshoot a relative’s laptop, then don’t depart it working all day, day by day. That is the one finest approach to keep away from giving somebody entry to your machine.

With that in thoughts, shut down your TeamViewer software whether it is at the moment working earlier than continuing onto the following steps.

Create a Robust Password

After shutting down the TeamViewer app, it’s time to log into your TeamViewer account at https://login.teamviewer.com. Should you use TeamViewer with out an account, we might strongly encourage you to join for a free account, because it’s far more safe. Not solely do most of the safety suggestions we’re going to spotlight over the course of this tutorial depend on options solely accessible to account holders, however you may’t benefit from the just lately rolled out behind-the-scenes safety features—account monitoring and trusted units—with out an account.

As soon as logged in, click on in your identify within the higher proper nook of the display and, from the drop down menu, choose “Edit profile”.

You’ll be within the “Common” part of the “Profile settings” menu. There are two sections right here instant curiosity to us: the “Change password” hyperlink and the 2 issue authentication (which we’ll get to in a second). Choose “Change password”.

Enter your present password and substitute it with a protracted, sturdy new password. Verify the password after which choose “Change password”. Want to brush up in your sturdy password crafting abilities? We’ve received you coated.

Allow Two-Issue Authentication

Earlier than we proceed, there’s something we should strongly emphasize. Enabling two-factor authentication in your TeamViewer account will increase the safety for the login credentials for your TeamViewer account. It doesn’t, by default, apply the 2 issue system to the precise shopper. You can set a really sturdy password in your TeamViewer account and activate two issue authentication, however in case you depart the shopper password set to the default four digit numeric password, then the two-factor authentication would do nothing to shield you.

It’s critically vital that you just full your complete tutorial right here and (as we exhibit within the later sections) both set a really sturdy password in your TeamViewer shopper or, higher but, lock your shopper to your account (thus locking it to the 2 issue authentication).

After you modify your password you, as you probably did within the earlier step, you’ll be routinely signed out of your TeamViewer account. Log again in and return to the identical location within the Profile > Common menu. Choose the hyperlink “Activate”, subsequent to “Two issue authentication”.

Should you’re unfamiliar with two issue authentication, you may learn up on it right here. Briefly, two issue authentication provides one other layer of identification to the login course of (as an alternative of simply your electronic mail and password, you want your electronic mail, password, and the distinctive code generated by the authentication app in your cellphone). TeamViewer helps a number of authenticators, together with Google Authenticator (iOS/Android) and Authy (iOS/Android). Take a second to set up one of many aforementioned functions, in case you aren’t already utilizing one.

When you’ve chosen “Activate”, you’ll see this little menu describing two issue authentication. Click on “Begin activation”.

At this level, you’ll see a display just like the one beneath, with a big black QR code within the middle. Open up your authenticator of selection, press the button to add a brand new service, and scan the QR code.

If for some cause scanning it doesn’t work, you may at all times click on the “enter the key key manually” hyperlink and sort it in as an alternative of scanning it. When you’ve efficiently added it to your authenticator, click on “Subsequent”.

Verify the safety code for TeamViewer inside your authenticator app and enter it now. Click on “Activate” to verify.

On the ultimate step, print the emergency restoration code. Retailer this code in a secure place. Should you lose entry to your authenticator, that is the one approach it is possible for you to to take away the 2 issue authentication.

At this level we’re now carried out with the web site. After printing the emergency code you may log off of the positioning.

Replace TeamViewer

Should you run TeamViewer occasionally, or if computerized updates received turned off someplace alongside the road, you is probably not working essentially the most up to date model. The TeamViewer set up file is de facto small, nevertheless, so it’s trivial to seize the freshest copy and run it to guarantee your TeamViewer software is up to date earlier than we even open it up once more.

You possibly can obtain an up to date model of the desktop software right here. Run the appliance and choose “Fundamental” set up (to forestall TeamViewer from set up as a Home windows Service), after which run TeamViewer and log into the appliance together with your new password.

You’ll be prompted, instantly after logging in, to enter the safety code out of your two issue safety code. Reference your authenticator app and enter it now.

To play it additional secure, after finishing the login course of, you may choose Assist > Verify For New Model from the toolbar to verify you’re working essentially the most up-to-date model quantity.

Lock Down TeamViewer’s Safety Settings

At this level, you’re already forward of the sport by merely changing your password with a brand new and stronger one and turning on two-factor authentication. Whereas that secures your TeamViewer account normally, nevertheless, we nonetheless want to do some work within the precise TeamViewer software itself.

We would like to emphasize one thing we highlighted in the beginning of the tutorial: the settings and choices you choose are extremely depending on how you employ TeamViewer. Should you’re configuring TeamViewer as a approach to remotely entry your personal laptop when you’re away from dwelling, then you definitely’ll make completely different decisions than in case you’re establishing the TeamViewer shopper in your aged mother and father’ laptop. We might encourage you to safe the best variety of settings you may with out decreasing the utility of TeamViewer to the purpose that it’s extra of a hindrance than a assist.

To get began, head to Extras > Choices from the menu bar.

All of the setting adjustments we’ll make are situated inside the extension Choices menu. To assist minimize down on confusion, we’re going to work our approach proper down the choices menu, submenu by submenu.

Common: No Automated Startup and Account Task

To begin, choose the “Common” tab, from the left hand navigation pane.

There are two massive settings you need to configure right here. First, you need to verify that “Begin TeamViewer with Home windows” isn’t checked until you have got a very urgent cause to have it on. Should you’re the tech help giver, you actually don’t want to have TeamViewer begin with Home windows. However, if the tech help receiver can’t actually deal with fumbling round to begin TeamViewer each time they name you, it could be a mandatory evil to allow this setting on their machine—however as we stated earlier than, it’s finest to solely run TeamViewer once you’re actively utilizing it, which suggests unchecking this field.

On the backside you’ll discover a part labeled “Account task”. Click on on the “Assign to account” button and assign your laptop to a selected TeamViewer account. If that is your private laptop that solely you need entry to, then you definitely need to assign the pc to your account. If this laptop belongs to the particular person you incessantly assist, then you definitely need to assign their laptop to your account.

We are able to’t overemphasize what a rise in safety this presents. In case your account has a powerful password and two-factor authentication enabled, which means that as an alternative of weak default random password the TeamViewer shopper creates every session, anybody making an attempt to entry the distant laptop will want your login, your sturdy password, and entry to your authenticator.

Safety: No Straightforward Access, Robust Passwords, and Whitelists

Our subsequent cease is the safety part. Choose “Safety” from the left hand pane.

Right here you have got some decisions to make relating to password entry and Home windows entry. First, we’ve the “Private password” part. Right here you may set a private password for this TeamViewer shopper (for distant entry) and you may grant “easy accessibility” (whereby the listed account doesn’t want to enter a password to entry the machine so long as they’re logged into their TeamViewer account).

Some folks want to manually set a really sturdy password for their machine (relatively than depend on the randomly generated ones that TeamViewer makes use of by default). So long as you set a really sturdy password, and use the Whitelist operate we’ll get to in a second, this a safe choice. With out the whitelist, although, the non-public password opens up one other vector of assault, since somebody would solely want your TeamViewer ID and password to entry the machine—they wouldn’t even want a two-factor authentication token.

We’d discourage you from utilizing the “easy accessibility” operate until you have got a really sturdy password in your TeamViewer account and also you’ve enabled two-factor authentication, as this removes the necessity for a manually or randomly generated password to entry the machine (so long as you’re logged into your TeamViewer account). Once more, you want to steadiness safety issues in opposition to ease of use.

Should you’re sticking with the randomly generated passwords (whereby the top person, like your mother, will want to provide the password every time), we might encourage you to change from the weaker default password size to “Very safe (10 characters)”. Alternatively, you may disable this operate in case you’ve opted for a powerful guide password within the earlier step.

Beneath the “Guidelines for connections to this laptop” part, you may specify two issues: Home windows login credentials and a black/white checklist. We might strongly advocate leaving the “Home windows logon” choice as “Now Permits”. Should you allow this setting, TeamViewer will settle for the login credentials which can be legitimate on the pc as a sound entry code for the appliance. If the person on the pc has a weak password that is very problematic, and it’s finest to depart it disabled.

Lastly, you positively need to set a whitelist for the pc. Click on on the “Configure” button subsequent to the “Black and whitelist” entry.

Choose “Enable entry solely for the next companions” after which click on “Add”. You’ll be offered with an inventory of your TeamViewer contacts to choose from. By default you’re the solely particular person in your contact checklist. Should you’re solely utilizing TeamViewer to entry your personal machines then that is good, you may simply whitelist your and name it good.

Should you’re establishing a pc for a relative, nevertheless, you’ll want to add your self as a contact to their TeamViewer account if you’d like to use the Whitelist operate. You are able to do so by closing the choices menu right here, returning to the primary TeamViewer window, and clicking on the little double arrow icon subsequent to their identify on the backside proper nook of the display (this expands the Computer systems and Contacts checklist). Click on “Add contact” on the backside of the checklist to add your self as a contact.

Should you want to add anybody else (like, say, a sibling who additionally helps out with mother and pa’s laptop) now’s the time to accomplish that.

As soon as the additional folks, if required, are within the contact checklist, you may merely return to the earlier menu, choose “Add” after which choose all of the TeamViewer accounts you would like to add to the whitelist. Click on “OK” to verify.

Superior Choices: Granular Management Over Remote Access Performance

Should you’ve come this far—settings up two-factor authentication, utilizing sturdy passwords, establishing a whitelist—you’re in nice form, and won’t want to do anymore superior tweaking. The superior settings menu, nevertheless, presents actually granular management over facets of the TeamViewer expertise that permit you to each shield your personal computer systems and the computer systems the the folks you assist from each outdoors tampering (in addition to person error).

To entry the superior settings choose the “Superior” tab from the left hand navigation pane.

There’s a warning that you must actually learn the guide earlier than you make any adjustments. That’s true. You need to positively learn the guide in case you plan on mucking round with any settings we aren’t particularly strolling you thru. Failure to learn documentation is the trail to sorrow.

To entry the superior choices, click on “Present superior choices”. There’s rather a lot occurring in right here, however we’re solely curious about one explicit part within the superior menu “Superior settings for connections to this laptop”.

Right here you will see an entry for “Access Management” that, by default, is about to “Full Access”. As an alternative of leaving it set to “Full Access”, we might strongly encourage you to choose “Customized settings” from the drop down menu.

After choosing “Customized settings” click on the “Configure” button instantly below the field.

Right here you will see a wide selection of granular permissions for your distant entry session that may be configured as “permit”, “after affirmation”, or “denied”. How you configure these settings is extremely dependent in your wants, and the settings we’ve within the above screenshot are merely to present the completely different states the entries might be in.

If, for instance, you’re configuring a pc by yourself dwelling community for simple distant entry, it might be silly to toggle “Join and think about my display” to “After affirmation”, since you’d have to trudge all the best way down to the basement server to manually verify distant entry. And at that time, who wants distant entry…you’re already standing there.

However, although, when you have good friend, member of the family, for shopper, who’s fearful about privateness and about you having the ability to simply randomly join to their laptop unannounced, then turning on “After affirmation” permits you to say “Look, this fashion I can solely join to your laptop to show you how to in case you explicitly click on OK and permit it.”

The person Access Management toggles are detailed on web page 72 of the TeamViewer 11 guide (PDF), however we’ll spotlight the settings right here that must be usually switched to “After affirmation” below practically each circumstance:

  • Switch recordsdata: Set this one to “After affirmation” for distant computer systems you service. Why give an intruder a straightforward approach to obtain your mother and father’ tax returns or add one thing to their machine?
  • Set up a VPN connection to this laptop: There’s not often any want to arrange an precise digital community between computer systems, and until you have got a extremely good cause to hold this on, you must flip it off for safety functions. Set this one to “Denied”.
  • Management the native TeamViewer: Should you’re setting this up on a relative’s machine, you need to set this to “After affirmation”, in case you do really want to make some distant adjustments to the TeamViewer shopper down the street. Should you’re setting it up by yourself machine, you must set it to “Denied”. How typically will you want to remotely join to your personal machine and make massive adjustments to TeamViewer?
  • File switch utilizing the file field: Identical to the switch recordsdata settings, this one must be set to “After affirmation”. If any recordsdata are leaving the distant laptop, anyone must be confirming it.

As well as to the opposite safety precautions we put in place, these further precautions be sure that if somebody have been to acquire entry to TeamViewer, they wouldn’t have the ability to siphon up recordsdata or switch malware to the machine.

Our subsequent cease is vital in case you’re utilizing the randomly generated passwords to hold the distant laptop secure. Beneath the Access Management part there’s an entry labeled “Random password after every session”. From the dropdown menu, choose “Generate new” to create a brand new random password every time somebody tries to join to TeamViewer.

Once more, like all of the choices we’ve gone over, modify this one to match the state of affairs you’re utilizing TeamViewer for. If studying you a protracted and random password over the cellphone isn’t viable for the particular person you’re serving to, then decide as an alternative to use the sturdy guide password choice we checked out below the “Safety” tab, earlier within the tutorial.

Lastly, in case you’ve configured the distant laptop with a restricted person account (a sensible selection in case you’ve arrange a pc for a non-tech savvy relative), you may scroll down to the “TeamViewer choices” and test “Adjustments require administrative rights on this laptop”.

This ensures that solely somebody on the pc with administrative entry (whether or not that’s you or an grownup within the distant family) will probably be in a position to make adjustments to the TeamViewer settings. Moreover (or alternatively), it’s also possible to set a password proper inside the TeamViewer software with the “Shield choices with a password”.

For the Cautious: TeamViewer Options

We’re not personally in any rush to abandon TeamViewer, however in case you’ve skilled a compromise in your TeamViewer setup, we fully perceive in case you’re curious about attempting another distant desktop software. Listed here are some various functions you would possibly think about:

  • Home windows Remote Desktop: Accessible for Home windows and macOS (as a shopper to entry Home windows machines). It’s free and fairly simple to arrange, however has an enormous limitation: customers of any model of Home windows can join to different Home windows PCs utilizing Remote Desktop however Home windows dwelling editions can’t host a connection. For assist establishing Home windows Remote Desktop, see our tutorial right here.
  • Splashtop: Free for private use in case you’re simply utilizing it over the native community, however $16.99 a 12 months for the “Wherever Access Pack” that allows true distant entry. Desktop shoppers accessible for Home windows, macOS, and Ubuntu Linux. Splashtop presents an identical expertise to TeamViewer together with distant desktop management, file switch, and so forth.
  • Chrome Remote Desktop: A comparatively new providing from Google, Chrome Remote Desktop is a free Chrome browser extension that units up a safe distant desktop connection between the person’s Chrome browser and the distant laptop. It’s cross platform and works wherever Chrome does. The massive shortcoming is that it has a extra restricted function set, and if the system you’re attempting to repair is having internet browser issues, you’ll want another approach to entry the distant desktop.

We’ve instructed the three options right here due to their related ease of use and strong observe data, not as a result of they’re inherently higher than TeamViewer or immune to potential exploits. As at all times, weigh your choices fastidiously and apply the identical ideas we talked about relating to TeamViewer—depart the device off when not in use, use sturdy passwords, and many others.—when utilizing another distant desktop answer.


Though configuring TeamViewer as intensively as we simply did is approach extra work than simply working the appliance in its default state, let’s be actual right here. Your information and safety (and the info and safety of the folks you assist with TeamViewer) is price it. When there’s dozens of safety choices proper at your fingertips, like we simply demonstrated, there isn’t a excuse for working TeamViewer with no person account, no two issue authentication, and a weak password.

قالب وردپرس