We know that tech is smart, but is it smarter than the ever-evolving cyber threats? When it comes to LogMeIn, many people trust this remote access software. So, let’s dissect its security protocols, examine potential risks, and compare it with top alternatives.
Understanding LogMeIn
LogMeIn is one popular choice for businesses adopting remote work. The tool offers standard security features and aims to increase productivity among remote users, computers, and processes, to help companies adapt to the new working landscape. This tool makes remote access easier and safer while enhancing collaboration among remote computers.
But what does LogMeIn offer, exactly? LogMeIn provides a range of products designed to support remote work, including:
- Remote access—helping you access your computer from anywhere as if you were sitting right in front of it.
- Remote control—so that you can control your desktop or other devices remotely with ease. This feature simplifies the process of linking two computers from afar.
- Collaboration tools—use GoTo Meeting, GoTo Webinar, and other tools to stay connected with your team.
- IT management—tools like LogMeIn Rescue and Central help IT teams manage and support computers remotely.
LogMeIn is trusted by many businesses for its ease of use and security features, some of which are on par with industry-standard algorithms and certifications.
Key features of LogMeIn
LogMeIn Pro is the #1-ranked remote access tool for small and medium-sized businesses, according to their website. Even so, users are reluctant when it comes to recommending this tool to a friend, as seen through the publicly available reviews. The market is the best dictator of price and expectations, and it seems like so far, users are dissatisfied with the lack of extensive key features, little to no differentiators between plans, and the high cost.
Some of LogMeIn’s features include:
- Remote control
- Remote printing
- Multi-monitor support
- File sharing and storage (with 1TB of cloud storage)
- Mobile access (available on iPhone, iPad, or Android)
LogMeIn—6 Products for Accessing Computers Remotely
LogMeIn offers 6 flagship products:
- GoTo Resolve—an all-in-one IT management and support solution designed to simplify IT operations. This feature includes remote monitoring & management, remote support, Helpdesk integration, IT Automation, and more.
- LogMeIn Pro—LogMeIn Pro provides enterprises with tools for secure remote access and file sharing. It allows connectivity to computers from any location.
- Rescue—a remote support solution designed for PCs, Macs, and mobile devices, helping technicians troubleshoot and resolve issues remotely.
- GoToMyPC—offering secure connections to desktops, files, and applications from any remote device.
- LogMeIn Central—an IT management platform for remote access, monitoring, and endpoint management.
- Miradore—a device management solution supporting Android, iOS, Windows, and macOS devices that simplifies device enrollment, security management, tracking, and centralized management.
When offering multiple products, costs can escalate, while the learning curve steepens. That’s why we recommend opting for a single, all-encompassing solution.
Reduce the complexity of managing multiple products to simplify costs and operations. Focus on strategic initiatives rather than wrestling with multiple systems with a secure remote access solution like RealVNC.
Security Features of LogMeIn Server's Identity
LogMeIn cares about security, as highlighted in their company whitepaper and detailed security protocols:
- All communications through LogMeIn products are encrypted using SSL/TLS protocols, the same standards used in online banking and commerce, protecting data against eavesdropping, tampering, and forgery. LogMeIn uses AES-based encryption (128 or 256-bit keys) or 3DES (168-bit keys) for data encryption.
- LogMeIn uses multi-layered authentication processes. Users authenticate to LogMeIn.com using an email address and password, which are verified for added security. As per the company, ‘the host’s identity is verified based on a pre-assigned identifier and a pre-shared secret’. Optionally, users can enable an RSA SecurID two-factor authentication.
- LogMeIn combats brute-force login attempts with lockout mechanisms after several incorrect login attempts.
- Two layers of intrusion detection are in place. TLS ensures data integrity during transit using record sequencing and message authentication codes (MACs). Additionally, LogMeIn’s filters prevent unauthorized access based on IP address.
- LogMeIn ensures users can only access specific tools and features based on their roles with system administration functionalities.
- LogMeIn provides logging capabilities, detailing important events like logins and logoffs. These logs are stored in the installation directory and can be sent to a central SYSLOG server for centralized monitoring and analysis. Critical events are also logged in the Windows application event log.
Potential Security Risks of LogMeIn
Although the company has done a lot to protect itself against unauthorized access and malicious attempts, it has experienced significant security breaches, such as:
- Data Breaches—In a November 2022 incident, attackers hacked LastPass, one of the company’s products, and accessed customers’ encrypted backups. Alarmingly, they accessed the encryption keys for a portion of them. This breach affected various products, as the compromised data included usernames, salted and hashed passwords, some MFA settings, and product licensing information.
- Vulnerabilities—LogMeIn has faced several security vulnerabilities over the years. Notable issues include CVE-2020-35208 and CVE-2020-35207, where the LastPass iOS app’s password and PIN authentication could be bypassed through runtime manipulation. Another vulnerability, CVE-2019-16371, involved a clickjacking attack that could capture user credentials.
Following the 2022 breach, the company reset affected passwords, reauthorized MFA, and migrated accounts to a more secure platform. However, we advise remaining vigilant and considering remote access companies that treat security with utmost professionalism.
Data is gold in the age of AI and Web 3.0, and securing it is non-negotiable. Keep your trusted devices and remote access secure with RealVNC, the creators of Virtual Network Computing (VNC) technology.
User Best Practices for Security
- First thing first—passwords. Use complex combinations of letters, numbers, and symbols. Avoid reusing passwords across accounts. Enable multi-factor authentication (MFA) for added security and regularly update passwords. Consider using a reputable password manager to help you manage and use strong protection online, like LastPass.
- Now, let’s discuss updates. Keeping LogMeIn software, or any remote access solution for that matter, up-to-date is essential for protecting against security vulnerabilities. In 2023, 58% of ransomware attacks targeted vulnerabilities in remote access systems, so you’ve got to be vigilant and update your remote access software with each new version.
- Educating users around you is also important, with phishing scams on the rise (with 30% of all adults worldwide experiencing a phishing attack). Be wary of unsolicited emails or messages requesting personal information or login credentials. Verify the legitimacy of emails by checking the sender’s address and looking for signs of spoofing.
Pro tip: Use Bitdefender’s AI-powered scam detection tool, Scamio, to spot and avoid online scams.
- Always verify the server’s identity before connecting. Ensuring the host’s identity through pre-assigned identifiers and a PKI certificate can prevent man-in-the-middle attacks.
- For secure remote access, you should connect through trusted networks. Public Wi-Fi networks can be vulnerable to attacks, so using a VPN (Virtual Private Network) can encrypt the connection and protect sensitive data.
- Back up your data, every-single-time. If your critical data is backed up regularly and securely, you can prevent most of the potential losses due to ransomware or other threats.
Expert Insights and Recommendations
So, is LogMeIn safe? Truth be told, we’ve seen better.
While it holds SOC 2 and SOC 3 certifications, as well as C5 and ISO 27001 compliance, LogMeIn lacks evidence supporting compliance with official HIPAA (Health Insurance Portability and Accountability Act) standards.
On paper, its encryption protocols and multi-factor authentication seem to be on par with industry standards. However, recent incidents such as the 2022 security breach have highlighted vulnerabilities.
Still, given its features, the pricing seems to be quite high.
Researching the web, we found some pretty dissatisfied users on consumer review websites.
Our take? Weigh LogMeIn’s security measures against potential risks and consider alternatives like RealVNC for enhanced deployment flexibility and advanced security features. Overall, LogMeIn remains a viable, yet expensive choice for remote access, provided you implement best practices and stay updated on security recommendations and new patch updates.
The Secure Remote Access Software Making Waves Among IT Professionals
LogMeIn is a popular remote access software, known for its strong security measures, including encryption, multi-factor authentication, and intrusion detection. These features ensure data protection and secure connections, backed up by certifications like SOC 2 and SOC 3 (though lacking official HIPAA compliance).
If you’re asking us “Is Logmein safe?”, we don’t have a definitive answer. With the latest updates, you can use this tool securely to exchange data and get the job done, especially when only two computers are involved. On an organizational level, we’d double-check to see which alternatives can serve the purpose better, at a lower cost.
If you choose to use LogMeIn as your preferred remote access software, follow our tips to maximize security:
- Stay aware of phishing and other online scams
- Keep your software updated to patch vulnerabilities
- Create unique passwords and enable multi-factor authentication for added protection
But before you review LogMeIn Central, Rescue, GoTo Resolve, Miradore, Pro, or GoToMyPC…why not consider an all-in-one, highly secure alternative?
Ever Heard of RealVNC?
With a score of 4.7/5 out of over 400 reviews, RealVNC Connect is a trusted remote access solution for businesses worldwide, offering secure, real-time desktop viewing and control. Ideal for remote work, system management, and IT support, it’s praised for:
- Ease of use
- Reliability
- Strong security, also compliant with GDPR, HIPAA, PCI DSS, and ISO 27001.
With support across multiple platforms, flexible pricing starts at $2.99 per device per month, billed annually. Learn more about RealVNC Connect today!