2024/06/25

How to keep unattended access secure

Learn how to protect your devices and boost security using blocklists, two-factor authentication, and other best practices.

    No doubt about it — unattended access is a powerful feature. You can use it to connect remotely to devices without relying on someone physically present to accept the connection request. However, while it’s a game-changer when it comes to remote work, it also brings considerable security risks.

    Whether you’re managing servers, overseeing kiosks worldwide, or accessing your home desktop computer, ensuring secure unattended access is crucial. This article aims to outline some TeamViewer best practices to help you do just that.

    Best practices for secure unattended access

    1. Only use random passwords for attended machines

    Random passwords are super useful for attended machines that sometimes require remote support. For unattended devices, by contrast, random passwords can become a security risk.

    To disable random passwords, go to Options > Security > Random password (for spontaneous access) and select Disabled (no random password).

    2. Eliminate personal passwords for host devices

    If the device you’re connecting to is assigned to a TeamViewer account or group, eliminate personal passwords. Anyone who knows the personal password can potentially access the device.

    Consider using Easy Access (explained below) instead of personal passwords. Check the setting under Options > Advanced > Personal password.

    3. Enable Easy Access: a more secure approach

    Enable Easy Access on a device assigned to your TeamViewer account. With Easy Access, no random or personal password is required. You only need to be logged in to your TeamViewer account. Two-factor authentication (2FA) enhances security significantly.

    Set up Easy Access by following these steps:

    If the device is already assigned to your account:

    1. Click Extras > Options > Security
    2. Under Unattended access, activate the checkbox for Grant easy access
    3. Click OK

    If the device is not yet assigned to your account:

    1. Click Extras > Options > Security
    2. Click the Configure button
    3. In the Assign to account dialog box, click Assign
    4. Under Personal password (for unattended access), activate the Grant easy access checkbox
    5. Click OK

    4. Use allowlist and blocklist

    Use the allowlist and blocklist features to control who can connect to your devices.

    Blocklist:

    • Add TeamViewer accounts or device IDs that should be blocked from making connections
    • Useful for preventing malicious connection attempts
    • Block public-facing devices beyond your firewall

    Allowlist:

    • Only allow TeamViewer accounts and device IDs added to the allowlist
    • Ideal for granting remote access to specific individuals or groups

    Configure your lists under Extras > Options > Security > Block and allowlist > Configure.

    Read more about block and allowlist in the Knowledge Base.

    5. Use two-factor authentication (2FA) at connection level

    2FA provides visibility and approval power for every connection attempt.

    When someone tries to connect to a secured device:

    • You receive a push notification on your phone
    • The notification includes the device ID attempting the connection
    • You can approve or deny the request
    • Use 2FA for devices with limited connections or those only accessed by you

    Learn more about activating TFA for connections in our TeamViewer Community article.

    Summary

    Unattended access is a valuable tool, but it has to be secured against external threats. By following these five best practices, you’ll ensure that unattended access remains safe and doesn’t compromise your security.
