TeamViewer Trust Center
Your single source for the latest security, compliance, and system performance information.
From within the TeamViewer Management Console, users are able to define, distribute, and enforce setting policies for the TeamViewer software installations on devices that belong specifically to them. Setting policies are digitally signed by the account that generated them. This ensures that the only account permitted to assign a policy to a device is the account to which the device belongs.
To learn more about setting policies and the different options available, visit the article, How to add a new settings policy in our knowledge base.
Black and Whitelist
Particularly if TeamViewer is being used for maintaining unattended computers (i.e. TeamViewer is installed as a Windows service), the additional security option to restrict access to these computers to a number of specific clients can be of interest. With the whitelist function you can explicitly indicate which TeamViewer IDs and/or TeamViewer accounts are allowed to access a computer. With the blacklist function, you can block certain TeamViewer IDs and TeamViewer accounts. A central whitelist is available as part of the “policy-based settings” described above under “Management Console.”
For steps on how to set up blacklists and whitelists, visit our knowledge base.
Chat and Video Encryption
Chat histories are associated with your TeamViewer account and are therefore encrypted and stored using the same AES/RSA 4096-bit encryption security as described under the “TeamViewer Account” heading. All chat messages and video traffic are end-to-end encrypted using AES (256-bit) session encryption.
No Stealth Mode
There is no function that enables you to have TeamViewer running completely in the background. Even if the application is running as a Windows service in the background, TeamViewer is always visible by means of an icon in the system tray. After establishing a connection there is always a small control panel visible above the system tray. Therefore, TeamViewer is intentionally unsuitable for covertly monitoring computers or employees.
For spontaneous customer support, TeamViewer (TeamViewer QuickSupport) generates a session password (one-time password). If your customer tells you their password, you can connect to their computer by entering their ID and password. After a restart of TeamViewer on the customer’s side, a new session password will be generated so that you can only connect to your customer’s computers if you are invited to do so.
When deploying TeamViewer for unattended remote support (e.g. of servers), you set an individual, fixed password, which secures access to the computer.
There are many configurable password options you can customize.
For in-depth articles on password options and settings, visit the All about passwords section of our knowledge base.
Incoming and Outgoing Access Control
You can individually configure the connection modes of TeamViewer. For instance, you can configure your remote support or meeting computer in a way that no incoming connections are possible. Limiting functionality to those features actually needed always means limiting possible weak points for potential attacks.
To restrict functionality for incoming connections, you can set up an access control. Choose between Full access, Confirm all, Viewing access, Custom settings or Deny any incoming remote control connection.
With custom settings, you can configure the remote device in such a way that, for example, controlling mouse and keyboard on the remote device is only possible after confirmation by your customer. Your customer basically has full control of what is happening on his device.
For more information on ways to control access or to set up logging and reports for incoming and outgoing connections, visit our knowledge base.
TeamViewer assists companies with their HIPAA compliance requirements. Two-factor authentication adds an additional security layer to protect TeamViewer accounts from unauthorized access. In addition to both username and password, the user must enter a code in order to authenticate. This code is generated via the time-based one-time password (TOTP) algorithm. Therefore, the code is only valid for a short period of time. Through two-factor authentication and limiting access by means of whitelisting, TeamViewer assists in meeting all necessary criteria for HIPAA certification.
For details on how to set up two-factor authentication, visit the tutorial video in our knowledge base.
The TeamViewer Management Console offers the possibility to centrally manage several TeamViewer accounts inside a company by one or several users. This allows to assign different permissions to the company users centrally.
A company profile also allows central management of client settings for the TeamViewer clients of your company, management of available contacts and computers for every user in the company profile, and many other features that support centralized permission and access management.
For more information on adding, removing, and setting permissions for users, visit our knowledge base.
Trusted Devices is an extra layer of security for your TeamViewer account to prevent your TeamViewer account from unauthorized access. As a preventive measure to ensure your account’s security, you need to authorize every new device on which you sign in to your account for the very first time.
Read more about how to authorize devices in our knowledge base.