
Is GoToMyPC Safe? A Comprehensive Security Analysis for IT Professionals

As a remote access technology pioneer, GoToMyPC has had its share of security woes. In previous breaches, hackers exploited human/digital vulnerabilities, which the company has resolved. Learn more about these cases and how alternatives like RealVNC can allay your hacking fears.

Secure remote access—previously confined to select IT personnel—has become a must-have for businesses of various sizes as workplaces go hybrid or off-site. Flex Index’s Flex Report Q2 2024 reveals that the percentage of US-based companies that have adopted this business setup has gone up to 37% in 2024 from 20% the year before. Moreover, employees who travel, supply chain vendors, and third-party service providers often require remote access. 

The growth in the number of users accessing sensitive network resources on more devices from more locations increases security risk. IBM’s latest report pegged the global average data breach cost at $4.88 million. Furthermore, the research shows that recovery from such breaches can take over 100 days.

In light of these trends, employers—from small businesses to global enterprises—must select the most reliable remote access software to protect business data. These solutions grant exclusive access to authorized users, barring web-based threats, such as ransomware and malware.

In this article, we’ll look into one of the most popular and veteran names in the market—GoToMyPC. Let’s evaluate its features to determine if it’s a viable tool for your remote support needs.

Overview of GoToMyPC's Security Features

GoToMyPC software—launched in 2003—is a product of LogMeIn, a SaaS provider of connectivity and support solutions. GoToMyPC offers individual/personal use plans and enterprise-level (Pro and Corporate) packages.

Ensuring Authorized Access

Two elements aim to guarantee secure GoToMyPC usage:

Two-factor authentication (2FA)

GoToMyPC uses 2FA for an extra layer of identity verification. It asks users to enter a password or code sent via text message before gaining access to the platform. Moreover, the software limits the number of login attempts to avert hacker attacks.

Access code and passwords

GoToMyPC requires passwords (at least eight alpha-numeric characters) and access codes to prevent your account from being compromised. The platform also asks you to enter a password before using it on a device where it’s installed. Then you must enter another password or access code for the device you will view or control remotely.

Preventing Unauthorized Attempts

GoToMyPC prevents malicious actors from entering user accounts through these features:

Encryption protocols

The software uses banking-grade 256-bit Advanced Encryption Standard (AES) encryption to ensure the privacy of user activity (chats, keystrokes, or mouse input) and data (file transfers or screenshots) exchanged between connected devices, whether they are mobile devices or desktop units.

Other privacy features

Other security features of GoToMyPC include “screen blanking,” which turns an unattended host device’s screen black or green to prevent others from viewing your remote operations. The software can only blank out PC hosts. For added visual security, admins can enable remote computer locking to automatically lock access to the host computer after disconnecting from a remote session. They can also activate the “lock keyboard and mouse” feature while remote sessions are ongoing.

Examining GoToMyPC's Security Vulnerabilities

Despite its security infrastructure, GoToMyPC users may have to guard against the repeat of these cyber threats, which the platform experienced in recent years:

Unauthorized access

In separate cases, the company notified users to reset their passwords due to these incidents:

Password attacks

They include “re-use attacks,” wherein cybercriminals used usernames and passwords maliciously obtained from other websites to access GoToMyPC accounts.

Man-in-the-middle (MITM) attacks

These incidents involve hackers stealing sensitive information by eavesdropping on or intercepting communications between two parties, typically the user and the network. GoToMyPC uses “AES in cipher feedback mode” (CFB) to counter such moves. CFB prevents threat actors from generating counterfeit keys to get access remotely and interfere with communications.

Software update delays

GoToMyPC users have also experienced slowdowns during software updates or when other programs or operating systems like Windows run their updates and affect its platform.

Risks of delayed updates

Feedback following GoToMyPC updates primarily shows a slowdown in business operations. Besides inconvenience and productivity loss, late updates can make users susceptible to cyberattacks, which result in financial loss and reputation damage. Unpatched security flaws make systems vulnerable to attackers looking for entry points in the remote connection.

History of GoToMyPC Security Breaches and Vulnerabilities

GoToMyPC users have suffered two major breaches six years apart. Read on to learn more about these incidents and how the company responded.

Past incidents

June 2016

GoToMyPC admitted being hit by a “very sophisticated password attack.” Citrix, which owned the platform at the time, before its acquisition by LogMeIn in 2017, said it was a case of a “password reuse attack.” In such attacks, hackers who obtain a password for one account try using it to log into the person’s other accounts (email, social media, and banking). In the weeks before the incident, Facebook, Twitter, Netflix, Reddit, GitHub, and TeamViewer also suffered from the same attack.
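The following is an added example, not code from the original article or from GoTo. It shows why a per-account login-attempt limit does not stop a password reuse attack on its own, and how grouping login events by source instead of by account exposes one. The event tuples, thresholds, and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample events (not real GoToMyPC logs): (source_ip, username, success)
SAMPLE_EVENTS = [
    ("203.0.113.7", "alice@example.com", False),
    ("203.0.113.7", "bob@example.com", False),
    ("203.0.113.7", "carol@example.com", True),
    ("203.0.113.7", "dave@example.com", False),
    ("203.0.113.7", "erin@example.com", False),
    ("198.51.100.4", "frank@example.com", False),
    ("198.51.100.4", "frank@example.com", False),
    ("198.51.100.4", "frank@example.com", False),
    ("198.51.100.4", "frank@example.com", False),
    ("192.0.2.10", "grace@example.com", False),
    ("192.0.2.10", "grace@example.com", True),
]

PER_ACCOUNT_LIMIT = 3      # assumed lockout rule: more than 3 failures on one account
MIN_DISTINCT_ACCOUNTS = 4  # assumed threshold for "one source, many accounts"
MAX_TRIES_PER_ACCOUNT = 2  # reuse attacks try each leaked pair only once or twice


def locked_accounts(events):
    """Accounts that a per-account attempt limit would lock."""
    failures = defaultdict(int)
    for _ip, user, ok in events:
        if not ok:
            failures[user] += 1
    return {u for u, n in failures.items() if n > PER_ACCOUNT_LIMIT}


def reuse_suspects(events):
    """Sources touching many accounts with few tries each, and the accounts they entered."""
    per_source = defaultdict(lambda: defaultdict(int))
    hits = defaultdict(set)
    for ip, user, ok in events:
        per_source[ip][user] += 1
        if ok:
            hits[ip].add(user)
    suspects = {}
    for ip, users in per_source.items():
        if len(users) >= MIN_DISTINCT_ACCOUNTS and max(users.values()) <= MAX_TRIES_PER_ACCOUNT:
            suspects[ip] = sorted(hits[ip])  # accounts that need a forced password reset
    return suspects


if __name__ == "__main__":
    print(locked_accounts(SAMPLE_EVENTS), reuse_suspects(SAMPLE_EVENTS))
```

In the sample data, the lockout rule only catches the single-account guessing run, while the by-source view flags the reuse pattern and the one account it successfully entered.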

November 2022

GoToMyPC launched an investigation after detecting “unusual activity within our development environment and third-party cloud storage service.” Its findings, shared in January 2024, revealed that “a threat actor exfiltrated (stole) encrypted backups” and an encryption key for a portion of these backups.

Addressed vulnerabilities

Response to the 2016 incident

Citrix announced a mandatory password reset for all authorized GoToMyPC users. The company reminded users to create unique and strong passwords, meaning ones not used for any other account. It also encouraged enabling 2FA.

Response to the 2022 incident

The company sent direct communications to affected customers containing actionable steps to “further secure their accounts.” It also authorized resetting multi-factor authentications.

Other security updates

In December 2022, GoToMyPC launched the Security Center, where users can configure their security settings. These include viewer security time-out (amount of inactivity time before the Viewer disconnects), locking the host computer, blanking out the screen while connected, and locking the host computer’s keyboard and mouse.

Assessing Remote Access Security

A robust access control strategy can keep your workforce agile and flexible without sacrificing data security. Implementing such a game plan requires selecting, auditing, and maintaining your remote support software with care.

Checklist for evaluating remote support software

Whether you already have a service partner or you’re still contemplating your options, consider these three key factors to determine the suitability of remote desktop solutions to your current needs:

Security features

The best platforms should offer prompt and automated security patches and updates, multi-level authentication, end-to-end encryption of all connections, logs and session recording, and per-user level permissions management to enforce “least privilege.”

Compliance and certifications

Choose software that complies with local (such as the Service Organization Control Type 2 or SOC2 cybersecurity compliance framework in the US) and international regulations (such as the EU’s General Data Protection Regulation) and adheres to global information security management standards like the ISO 27001.

Vendor reputation

Research and scrutinize your prospects’ track records and customer support. Also, check other customers’ reviews and feedback about their experiences with those vendors.

A Safe Alternative to GoToMyPC: RealVNC Connect

RealVNC built its products to ensure every connection can withstand possible hostile actors through our customizable secure technology. Whether you use RealVNC products via LAN, the VNC cloud, or a mobile device, you benefit from these features:

RealVNC's Security Features

End-to-end encryption

RealVNC uses up to 256-bit AES encryption partnered with the protocol Transport Layer Security (TLS) 1.2, which prevents decryption at any time by anyone, including RealVNC. Subscribers can adjust user permissions to view-only or limit access actions (such as file transfer or copy-pasting text).

Endpoint integrity verification

RealVNC’s 2048-bit RSA keys automatically verify identity on every touchpoint, protecting your and your client’s systems from MITM attacks. We blacklist users unable to authenticate properly to deter brute-force attacks, DoS, and dictionary attacks.

Flexible Deployment Options: On-Premise and Cloud Solutions

Various deployment options are available, including offline licensing if you prefer on-premise usage behind your network’s firewalls instead of connecting through the VNC Cloud.

Commitment to Data Protection: Compliance with Standards

RealVNC is ISO27001-certified and GDPR-compliant. It also adheres to the Health Insurance Portability and Accountability Act (patient data) and Payment Card Industry Data Security Standard (credit card account information).

Conclusion: Is GoToMyPC Safe?

The recent steps taken by GoToMyPC to beef up its security provide current and future users some peace of mind, given the introduction of its Security Center. Nevertheless, as part of due diligence, give yourself time to study the platform’s features more closely to understand requirements—including allowlisting for your firewall—and features your customers can control. This way, you can help your workforce and clients guard against its past threats, including password re-use attacks and encryption key theft.

RealVNC: A More Polished Alternative

As a reliable remote desktop software provider, RealVNC is proactive about security. It goes beyond encryption protocols, 2FA, and screen blanking to assure users with stable and safe remote access through:

  • Multi-factor authentication
  • Customizable permissions management
  • Blacklisting
  • Penetration testing
  • Regular third-party security risk audits
  • Round-the-clock customer service support

RealVNC hosts its cloud service and doesn’t use a broker or third party such as AWS or Azure. Moreover, the company releases vulnerability updates and fixes regularly.

Don’t let security challenges derail your operations and growth or mar your reputation. Check RealVNC for yourself by signing up for a free trial.
