I mentioned a few weeks ago that LogMeIn is my best option for mobile management or remote control of my machines when not at the office. In fact, since then, I’ve even built a litle “drone” machine that I keep at the office and plugged into the UPS. Its whole function in life is to be my remote client — in other words, my eyes and ears on the office WAN, regardless of where I might physically be.
I have to confess, however, that I was a wee bit nervous about keeping things secure. Not that I feel LogMeIn has security issues! Nope. But by default it is username and password based. When the remote machine essentially has the “keys to the kingdom”… well, you’d worry a bit too.
The way things work by default is that I have to first log in to the LogMeIn site over SSL. Then, once I select the computer I wish to remotely control, I have to provide more credentials; this time my Active Directory username, password and domain name. Not too bad really, but I was hoping for another factor.
While poking around the site to get my backups going, I found the other factor in the “Extra Security” section of Account Management. Yeah, not exactly hidden… I just hadn’t noticed it before!
There are two main options there: Emailed Security Code and Printed Security Code.
The Emailed Security Code option is the one I’m using. The idea here is that an email will be sent each time I log in. In the email is a one-time key that I have to provide to the LogMeIn login process for final authentication. Just need to ensure that the provided email account is reachable from a mobile device — SMS mail works, but I just send it to one of my GMail accounts since they all work nicely from mobile devices as well.
The Printed Security Code option generates a list of one time codes. You print and carry the list around and enter the proper one when prompted. When they’re all used up you’re prompted to print another sheet.
There’s a third option to send email notification every time anyone logs in. That’s more of a monitoring thing, but can be useful.
There’s a LogMeIn security white paper (PDF) that goes into quite a bit more detail
So there I go — two factor authentication to control access my critical ops boxes. I can rest a bit easier now.
Possibly Related posts:
November 24th, 2007 
Tags: 
I recently had LogMeIn recommended as I wanted to be able to monitor applications I run at work whilst at home, and vice versa. I must say I find it works well most of the time, but still has a number of glitches, most annoyingly, the fact that the connection to my home machine always seems to drop out. I’m on a 2Mb connection in the office, and have a 3Mb/1Mb connection at home, so it surely can’t be a bandwidth issue.
Still, good point about the additional security, that increases it to 3 levels before your machine can be accessed!
I hated doing tech support for my mom… some new issue every week. I installed the client on her machine and it works like a charm. 1 hour tech sessions are reduced to 10 minutes.
With 10+ years using remote support tools, I can for sure told you Logmein is the best. I pay for the LogmeIn ignition and this help us to support 20+ friends and family members. Is amazing: secure, fast, no firewall setup and no IP required for the connection.
Do you know of any tool that can manage the use of LogMeIn in an organisation.
It should log its use and work station.
There is a battle going on at the moment in our organisation between IT Support who want to use LogMeIn from home to access workstations to give support outside office hours, and teh security/firewall department. The Security department have used BlueCoat to block the use of LogMeIn because they see it as a company threat.
If the Security department had some central management tool to monitor the use of LogmeIn by its IT professionals then they won’t be scared of it anymore.
Is there such a tool?
There’s quite a bit the security department could do / manage… if all the PCs are registered under a central or corp account. However, if everyone has their own individual LMI account and is doing their own thing then you’re kinda hosed…
Everyone who has to use LogMeIn has a Windows acount which is a member of the same corp domain using a single active directory.
Is that what you wanted to know?
Nope
I was actually referring to the LogMeIn account associated with their computer.
At the moment everybody is using their own individual LogMeIn accounts.
If the IT support dept can log into the same corp account from their homes and connect to work stations and servers of their choice then that would be fine. Can more than one person use the same LogMeIn account at the same time? Is taht what you meant by corp account.