
TeamViewer is a great free program, whether you want to access your computer from afar or help out friends and relatives with their computer. But its default settings are remarkably insecure, instead favoring ease of use. Here’s how to lock down TeamViewer so you can make use of its features without opening yourself up to attack.
The Problem with TeamViewer
Back in 2016, there was a rash of computers compromised through TeamViewer. And just now, in December 2017, TeamViewer was forced to issue an emergency fix for a serious vulnerability in the program. Even when there aren’t any glaring security holes or widespread attacks, though, it’s very easy for a TeamViewer user to have their computer compromised if they don’t have all the right settings in order. And if you look at reports of past compromised machines, most victims were using an unsecured setup.
By default, TeamViewer isn’t a particularly secure application. It favors ease of use over difficult-to-navigate security procedures. This is useful when you’re trying to help your dad solve his computer woes from across the country: you can have him download a single file, run that file, have him give you the simple numeric computer ID and password, and boom, you’re controlling his computer and solving the crisis. But leaving TeamViewer in that simple first-run mode (which really should only be used for those one-off emergencies) is just asking for trouble.
TeamViewer has tons of security options you can toggle on and tweak, however, and it’s really easy to go from a not-secure TeamViewer experience to a very secure TeamViewer experience with only a little tinkering.
Before we proceed, however, there are a few things we’d like you to keep in mind while reading through the tutorial. First, not every person needs to turn on every option we suggest. You need to balance your needs and workflow against the security changes you make—you wouldn’t want to, for example, turn on the feature that requires a user at the computer to accept the incoming TeamViewer request if you’re using TeamViewer to connect to your own unattended computer.
Second, if TeamViewer is installed on your computer through your work, by a tech support company you’ve hired, or by a relative who helps troubleshoot and maintain your computer, we’d encourage you to read over this article (and potentially take advantage of some of the tips) but to also consult with the person in charge of your TeamViewer experience.
Basic Security Practices
Before we get into the nitty-gritty of TeamViewer’s settings, let’s talk about a few basic security practices (that, frankly, apply to almost any program, not just TeamViewer).
Exit TeamViewer, and Run It Only When You Need It
Our first suggestion is both an immediate action you need to take and a general suggestion for future use. Because compromises are often the result of poor security practices, we’re going to do one thing right away: temporarily shut TeamViewer off and update it. While the application is turned off, we’re going to update the security on your TeamViewer account through the company’s webpage. (More on this in the next section.)
As a general future consideration, only run the TeamViewer application when you need it. That way, even when there is a vulnerability in the program (like the one just discovered and patched), you won’t be in nearly as much danger. An application that isn’t running can’t cause any trouble for you. We understand that some people keep TeamViewer on 24/7 as part of their workflow, and if you absolutely have to, fine. But if you only use it occasionally in your home, or you’re one of the people who only turns it on to occasionally troubleshoot a relative’s computer, then don’t leave it running all day, every day. This is the single best way to avoid giving someone access to your machine.
With that in mind, shut down your TeamViewer application if it is currently running before proceeding onto the next steps.
Create a Strong Password
After shutting down the TeamViewer app, it’s time to log into your TeamViewer account at https://login.teamviewer.com. If you use TeamViewer without an account, we would strongly encourage you to sign up for a free account, as it’s much more secure. Not only do many of the security tips we’re going to highlight over the course of this tutorial rely on features only available to account holders, but you can’t take advantage of the recently rolled out behind-the-scenes security features—account monitoring and trusted devices—without an account.
Once logged in, click on your name in the upper right corner of the screen and, from the drop-down menu, select “Edit profile”.
You’ll be in the “General” section of the “Profile settings” menu. There are two sections here of immediate interest to us: the “Change password” link and the two-factor authentication (which we’ll get to in a moment). Select “Change password”.
Enter your current password and replace it with a long, strong new password. Confirm the password and then select “Change password”. Need to brush up on your strong password crafting skills? We’ve got you covered.
Enable Two-Factor Authentication
Before we proceed, there is something we must strongly emphasize. Enabling two-factor authentication on your TeamViewer account increases the security of the login credentials for your TeamViewer account. It does not, by default, apply the two-factor system to the actual client. You could set a very strong password on your TeamViewer account and turn on two-factor authentication, but if you leave the client password set to the default 4-digit numeric password, then the two-factor authentication would do nothing to protect you.
It is critically important that you complete the entire tutorial here and (as we demonstrate in the later sections) either set a very strong password on your TeamViewer client or, better yet, lock your client to your account (thus locking it to the two-factor authentication).
After you change your password, as you did in the previous step, you will be automatically signed out of your TeamViewer account. Log back in and return to the same location in the Profile > General menu. Select the link “Activate”, next to “Two factor authentication”.
If you’re unfamiliar with two factor authentication, you can read up on it here. In short, two factor authentication adds another layer of identification to the login process (instead of just your email and password, you need your email, password, and the unique code generated by the authentication app on your cellphone). TeamViewer supports several authenticators, including Google Authenticator (iOS/Android) and Authy (iOS/Android). Take a moment to install one of the aforementioned applications, if you aren’t already using one.
Once you’ve selected “Activate”, you’ll see a small menu describing two-factor authentication. Click “Start activation”.
At this point, you’ll see a screen with a large black QR code in the center. Open up your authenticator of choice, press the button to add a new service, and scan the QR code.
If for some reason scanning it doesn’t work, you can always click the “enter the secret key manually” link and type it in instead of scanning it. Once you’ve successfully added it to your authenticator, click “Next”.
Check the security code for TeamViewer within your authenticator app and enter it now. Click “Activate” to confirm.
On the final step, print the emergency recovery code. Store this code in a safe place. If you lose access to your authenticator, this is the only way you will be able to remove the two factor authentication.
At this point we’re now done with the website. After printing the emergency code you can log out of the site.
Update TeamViewer
If you run TeamViewer infrequently, or if automatic updates got turned off somewhere along the line, you may not be running the most up to date version. The TeamViewer installation file is really small, however, so it’s trivial to grab the freshest copy and run it to ensure your TeamViewer application is up to date before we even open it up again.
You can download an updated version of the desktop application here. Run the application and select “Basic” installation (to prevent TeamViewer from installing as a Windows service), and then run TeamViewer and log into the application with your new password.
You’ll be prompted, immediately after logging in, to enter the security code for your two-factor authentication. Reference your authenticator app and enter it now.
To play it extra safe, after completing the login process, you can select Help > Check For New Version from the toolbar to confirm you’re running the most up-to-date version number.
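To confirm that the “run it only when you need it” advice and the “Basic” installation choice actually took effect, you can check whether TeamViewer is registered as a Windows service or still running in the background. The following PowerShell is an added example, not part of the original article or of TeamViewer’s own tooling; it assumes the service and process names begin with “TeamViewer” (older builds append a version number), and it only reads state, changing nothing.

```powershell
# Added example: read-only audit of how TeamViewer is present on this Windows machine.
# Assumption: service and process names start with "TeamViewer".
$pattern = 'TeamViewer*'

# A full (non-"Basic") installation registers a Windows service that can start at boot.
$services = @(Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.Name -like $pattern })

# Anything still running after you believed you had exited the program.
$processes = @(Get-Process -Name $pattern -ErrorAction SilentlyContinue)

if ($services.Count -eq 0 -and $processes.Count -eq 0) {
    Write-Output 'OK: no TeamViewer service is registered and no TeamViewer process is running.'
}
else {
    foreach ($svc in $services) {
        # StartMode "Auto" means the service comes up with Windows, whether or not you open the app.
        $note = if ($svc.StartMode -eq 'Auto') {
            'starts with Windows: reachable even when you have not opened TeamViewer'
        }
        else {
            'does not start automatically'
        }
        Write-Output ('Service {0}: state={1}, start mode={2} ({3})' -f `
            $svc.Name, $svc.State, $svc.StartMode, $note)
    }

    foreach ($proc in $processes) {
        Write-Output ('Process {0} (PID {1}) is currently running' -f $proc.Name, $proc.Id)
    }

    # If the service is present and you do not need unattended access, the options are to
    # reinstall with the "Basic" choice described above, or to stop the service and set it
    # to manual start from an elevated prompt (Stop-Service / Set-Service -StartupType Manual).
}
```

Run it once right after exiting TeamViewer and again after a reboot; a service in start mode “Auto” or a process that reappears means the program is running without you launching it.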
Lock Down TeamViewer’s Security Settings
At this point, you’re already ahead of the game by simply replacing your password with a new and stronger one and turning on two-factor authentication. While that secures your TeamViewer account in general, however, we still…
The post How to Lock Down TeamViewer for More Secure Remote Access appeared first on FeedBox.