Additional Security for LogMeIn

Posted on November 24, 2007

I mentioned a few weeks ago that LogMeIn is my best option for mobile management or remote control of my machines when not at the office. In fact, since then, I’ve even built a little “drone” machine that I keep at the office and plugged into the UPS. Its whole function in life is to be my remote client — in other words, my eyes and ears on the office WAN, regardless of where I might physically be.

I have to confess, however, that I was a wee bit nervous about keeping things secure. Not that I feel LogMeIn has security issues! Nope. But by default it is username and password based. When the remote machine essentially has the “keys to the kingdom”… well, you’d worry a bit too.

The way things work by default is that I have to first log in to the LogMeIn site over SSL. Then, once I select the computer I wish to remotely control, I have to provide more credentials; this time my Active Directory username, password and domain name. Not too bad really, but I was hoping for another factor.

While poking around the site to get my backups going, I found the other factor in the “Extra Security” section of Account Management. Yeah, not exactly hidden… I just hadn’t noticed it before!

LogMeIn Account Management

There are two main options there: Emailed Security Code and Printed Security Code.

The Emailed Security Code option is the one I’m using. The idea here is that an email will be sent each time I log in. In the email is a one-time key that I have to provide to the LogMeIn login process for final authentication. Just need to ensure that the provided email account is reachable from a mobile device — SMS mail works, but I just send it to one of my GMail accounts since they all work nicely from mobile devices as well.

The Printed Security Code option generates a list of one-time codes. You print and carry the list around and enter the proper one when prompted. When they’re all used up, you’re prompted to print another sheet.
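As an added illustration (not LogMeIn's code, and not part of the original post), here is a sketch of how a service could handle a printed sheet of one-time codes like the one described above. The names `CodeSheet` and `new_sheet`, the 8-digit code length and the five-guess lockout are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

MAX_FAILURES = 5  # assumed lockout threshold


class CodeSheet:
    """Server-side record of one printed sheet of single-use codes."""

    def __init__(self, codes):
        # Keep only salted, stretched hashes; the plaintext lives on paper.
        self._salt = secrets.token_bytes(16)
        self._hashes = [self._digest(c) for c in codes]
        self._next = 0      # index of the code the user is prompted for
        self._failures = 0  # consecutive wrong guesses

    def _digest(self, code):
        return hashlib.pbkdf2_hmac("sha256", code.encode(), self._salt, 100_000)

    def exhausted(self):
        """True once every code is spent and a new sheet must be printed."""
        return self._next >= len(self._hashes)

    def prompt(self):
        """1-based position on the sheet that the login page asks for."""
        if self.exhausted():
            raise RuntimeError("sheet used up; print a new one")
        return self._next + 1

    def verify(self, submitted):
        if self.exhausted() or self._failures >= MAX_FAILURES:
            return False
        expected = self._hashes[self._next]
        if hmac.compare_digest(self._digest(submitted), expected):
            self._next += 1     # burn the code so a replay fails
            self._failures = 0
            return True
        self._failures += 1
        return False


def new_sheet(count=10, digits=8):
    """Return (server_state, codes_to_print) for a fresh sheet."""
    codes = [f"{secrets.randbelow(10 ** digits):0{digits}d}" for _ in range(count)]
    return CodeSheet(codes), codes
```

Each code is accepted once and only at its own position on the sheet, so a code that was observed during one login is useless for the next.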

There’s a third option to send email notification every time anyone logs in. That’s more of a monitoring thing, but can be useful.

There’s a LogMeIn security white paper (PDF) that goes into quite a bit more detail.

So there I go — two factor authentication to control access to my critical ops boxes. I can rest a bit easier now.


Comments

2 Responses to “Additional Security for LogMeIn”

  1. Andy Blackburn on November 26th, 2007 8:21 am

    I recently had LogMeIn recommended as I wanted to be able to monitor applications I run at work whilst at home, and vice versa. I must say I find it works well most of the time, but still has a number of glitches, most annoyingly, the fact that the connection to my home machine always seems to drop out. I’m on a 2Mb connection in the office, and have a 3Mb/1Mb connection at home, so it surely can’t be a bandwidth issue.
    Still, good point about the additional security, that increases it to 3 levels before your machine can be accessed!

  2. Chris on November 27th, 2007 6:43 pm

    I hated doing tech support for my mom… some new issue every week. I installed the client on her machine and it works like a charm. 1 hour tech sessions are reduced to 10 minutes.
