Security
and compliance
RealVNC Connect is built from the ground up with security in mind, affording you the flexibility and access you need while providing the controls and privacy required by regulations.
Our fundamental security principles
High-trust services
You don't have to trust RealVNC as a company to trust our software and services
Secure data storage
We do not record your sessions, and data cannot be decrypted now or in the future
Secure environment
Every connection is treated as though it is made in a hostile environment
Connection control
The owner of the remote computer ultimately decides who is able to connect
-
GENERAL QUESTIONS
-
DEVICE ACCESS
-
ON-DEMAND ASSIST
Frequently
asked questions
If you can’t find an answer to your question, please visit our Help Center or get in touch with us.
You create a RealVNC® account when you purchase RealVNC® Connect, or take a trial.
Your RealVNC® account credentials (email address and password) are important; please do not share them with anyone! You need them them each time you:
- Sign in online to manage your team, subscription and more.
- Sign in to RealVNC Server to apply your subscription to remote computers (if you have device access).
- Sign in to RealVNC Viewer to remotely access computers (both device access and on-demand assist).
Your account password must be at least 8 characters long and should not be the same as a RealVNC Server password, nor that of any other online service you use.
Note that if you invite someone in to your team to share remote access, that person sets up their own RealVNC® account in the process of accepting your invitation. They never need to know your RealVNC® account credentials.
We strongly recommend enabling 2–step verification on the Security page of your RealVNC® account.
Every remote control session must be authenticated before it can begin.
- If you have device access, connecting users must authenticate to RealVNC Server, an app installed as part of RealVNC® Connect on every remote computer. There are many different authentication schemes, and multi-factor authentication is available. More information.
- If you have on-demand assist, an end user enters a 9-digit code unique to the session, received from their support technician out-of-band. It’s not possible for anyone else to connect in.
Yes. We recommend setting it up.
Everyone should enable 2-step verification for their RealVNC® account on the Security page. See how to do this.
If you have device access, we also recommend enabling multi-factor authentication for RealVNC Server, an app installed as part of RealVNC® Connect on every remote computer. See how to do this.
Yes, every remote connection on a RealVNC® Connect subscription is end-to-end encrypted using at least 128-bit AES 2048-bit RSA keys and perfect forward secrecy. You also have the option to increase this to 256-bit AES for added security. To do this:
- Open the RealVNC Viewer app, and navigate to File > Preferences > Expert.
- Search for the Encryption parameter and set the value to
AlwaysMaximum
.
Follow the instructions below.
- Buy a Business Premium or Enterprise subscription.
- When creating your RealVNC® account, choose a complex, unique password (not one you use for any other online service).
- Enable 2-step verification for your RealVNC® account on the Security page online.
- If you wish to share remote access, only invite people you trust in to your team.
- Mandate 2-step verification for all these people as well on the Security page.
- If you have device access, additionally follow these instructions.
Security is at the heart of our business so we publish information about vulnerabilities as soon as we find them.
We do not record your sessions, and never store remote computer passwords. We don’t store payment or credit card information either; that’s stored on our behalf by a PCI DSS-compliant vendor (Braintree).
We do store certain data in the following circumstances:
- If you enable analytics when installing RealVNC Viewer.
- If you have device access and enable either analytics or update notifications when installing RealVNC Server.
- If you have device access and sign in to RealVNC Viewer on multiple devices in order to sync your address book.
- If you have on-demand assist, note we automatically record certain session events for review purposes.
See our privacy policy for what data is collected and where it is stored.
If you don’t want RealVNC® to store any data at all then you must:
- Buy an Enterprise subscription.
- Only enable device access (that is, install RealVNC® Connect on computers you own or manage).
- Only establish direct connections to those computers.
- Disable analytics and update notifications for both RealVNC Viewer and RealVNC Server.
- Connect using RealVNC Viewer without signing in to it (your address book will not sync between devices).
Frequently
asked questions
If you can’t find an answer to your question, please visit our Help Center or get in touch with us.
Only the people you invite to your team can sign in to RealVNC Viewer and discover your computers. With a Premium or Enterprise subscription you can add further restrictions by assigning permissions on your account in the RealVNC® Connect Portal to precisely match computers with people.
Since a person cannot discover your computers, you have the added assurance that they cannot establish cloud connections to them. There’s no way to bypass our discovery service.
If you have an Enterprise subscription and intend to establish direct connections, it is possible for a malicious entity to scan for the port you’ve opened in the remote computer’s firewall (5900 TCP by default) so ensuring you have a securely configured setup is crucial. It’s much safer and easier to use cloud connectivity over the Internet.
RealVNC Server has a unique digital signature designed to help keep you safe online. This is a hexadecimal representation of a 2048-bit RSA public key hash, which (in the real world) means it’s a six-word memorable catchphrase, for example “Omega Chris Chicago. Alabama arrow network”.
When you connect, the RealVNC® services automatically verify this identity, and RealVNC Viewer additionally prompts you to check it yourself. If you’re subsequently warned that the catchphrase has changed, it might indicate that someone has tampered with the computer, or is trying to intercept your connection (a ‘man-in-the-middle’ attack).
Note: if you have an Enterprise subscription and establish a direct connection, then the RealVNC® services cannot perform this automatic check, so you should do so yourself.
With a Lite subscription, you only have access to a single authentication scheme. Make sure the password you’re prompted to create when you install RealVNC Server is difficult to guess, and keep it safe. You must specify at least 6 case-sensitive letters, numbers, and special characters such as !@*#&,
though we recommend more (the maximum is 255).
If you have a Plus, Premium, or Enterprise subscription, then by default RealVNC Server is integrated into the credentialing mechanism of the remote computer, so you don’t have to create or remember yet another password. Just connect using the same user name and password you normally use to log on to your user account on that computer. You can register other users with RealVNC Server so they can connect using their own familiar system account credentials if you wish.
If you have a Premium subscription, you can change the default system authentication scheme to specify multi-factor authentication for RealVNC Server.
If you have an Enterprise subscription, you can set up single sign-on (SSO) for RealVNC Server.
Yes. You can make sessions view-only for everyone on RealVNC Server’s Options > Users & Permissions page:
If you have a Premium or Enterprise subscription, you can exercise more fine-grained control and make sessions view-only just for some.
Alternatively, RealVNC Viewer users can choose to make their own sessions view-only from RealVNC Viewer’s Properties dialog or mobile app toolbar.
Yes, if you have a Plus, Premium, or Enterprise subscription.
You can register any number of users or groups (perhaps from your corporate network) with RealVNC Server:
You can then grant specific permissions to each. So for example you could grant system administrators full remote access, members of the group ‘teachers’ sufficient permissions to control the remote computer but not to transfer files or print, and make members of the group ‘pupils’ view-only.
If you have a Lite or Essentials subscription, then all connected users have the same global permissions, though you can turn individual features off for everyone (including yourself), or make all connections view-only, if you wish.
The first time you use RealVNC Viewer to connect to a computer, you must enter the password expected by RealVNC Server.
Subsequently, you can ask RealVNC Viewer to remember this password so you don’t have to enter it each time. If you do, we additionally recommend setting a master password for RealVNC Viewer in case you lose or share your device:
RealVNC Viewer stores passwords locally and never syncs them to other devices via our cloud service (so you’ll have to remember them on each device you connect from). Download our whitepaper for the technical details.
Note you can sign out remotely from all RealVNC Viewer devices if you think your account has been compromised. Sign in to your RealVNC® account and navigate to the Security page.
Yes. RealVNC Server automatically logs audit information, so you have a complete record of who’s connected, when, from where and, if the user successfully authenticated, the time of disconnection (so you can calculate session length).
The storage destination for this information differs depending on the platform and RealVNC Server mode. General information about logging is available here.
Note you can quickly dial up the logs to debug level if you need.
Yes. If you will be physically present at the computer when people connect, you can configure RealVNC Server to notify you and approve or reject each connection:
Please note: The Connection Request dialog box will not be shown in the RealVNC Server UI when a user with admin rights to that computer connects to it.
To do this, turn on Show accept/reject prompt for each connection on RealVNC Server’s Options > Connections page:
You can disconnect all users immediately:
…or individually from RealVNC Server’s Information Center dialog.
By default, users can connect concurrently. You can specify that only one user connects at a time.
By default, if a connecting user fails to authenticate properly five times in a row, their computer is blacklisted. You can lower this threshold for additional protection from brute-force or port scanning attacks.
If you have an Enterprise subscription and establish direct connections, you can filter incoming computers to prevent connections from particular IP addresses:
You can blank the screens of most Windows computers (up to and including Windows 10). This is “curtain mode” – equivalent to turning the monitor(s) of a remote computer off so people in the vicinity can’t see what you’re doing.
Screen blanking is hardware-dependent for Windows 8 and 10, so we recommend testing those systems first to make sure screen blanking will be effective:
For Windows 7 and earlier, most hardware should be supported. For Windows 8 and 10, most desktop screens manufactured after 2011 should be supported, including major manufacturers such as Dell and Samsung. Unfortunately, there is not as much support for laptop screens. Assuming your desktop screen was manufactured after 2011, try the following if the screen blanking test fails:
- Remove any base stations, splitters or repeaters used to connect your screens.
- Update your graphic card driver software to the latest version.
- If there is an option on the screen’s setup menu called MCCS or DDC/CI, enable that option.
You can prevent the keyboard and mouse of the remote computer being used by whoever wanders past while you’re remotely connected to it:
You can configure RealVNC Server to automatically lock or log out from a Windows or Mac computer when you disconnect:
Of course, you can always lock or log out during your remote control session. Just don’t power the remote computer off, or you’ll be disconnected until someone turns it on again!
First, follow the general instructions for RealVNC® accounts here.
Then, follow the additional instructions below. Note you can perform bulk operations on computers remotely using policy, which has the additional security benefit of locking down those computers, preventing change by local users.
- In your RealVNC® account online, assign permissions on the Computers page to restrict discovery appropriately.
- On each remote computer:
- Install RealVNC® Connect in a secure location (such as
C:\Program Files
), and turn on update notifications. - Upgrade to 256-bit AES session encryption.
- Turn off direct connectivity. Only establishing cloud connections means no holes need be opened in firewalls.
- Enable multi-factor authentication for RealVNC Server.
- Restrict session permissions appropriately, perhaps to make particular users view-only.
- Harden blacklisting.
- Lower the idle timeout.
- If the owner will be physically present to approve connections, turn on query connect.
- Lock the remote desktop when the last user disconnects.
- Install RealVNC® Connect in a secure location (such as
- Review connection logs on a regular basis.
Frequently
asked questions
If you can’t find an answer to your question, please visit our Help Center or get in touch with us.
Every session is logged and a session history stored online.
If you have a Plus, Premium, or Enterprise subscription, you can drill down into an individual session on the Sessions page of your RealVNC® account and review a detailed activity log.
The following activity is recorded:
Session start and end times
File transfer operations
Elevation requests
Reboot attempts
Chat transcripts
Note that chat transcripts are encrypted-at-rest on RealVNC’s servers. Privacy policy.
RealVNC Viewer requests a session code each time a technician starts an instant support session, and RealVNC’s services automatically generates a 9-digit code unique to the session.
This code is valid for 10 minutes. In that time, the technician must communicate it out-of-band so the end user can start the session.
The code expires either when it is used, or after 10 minutes, whichever comes first.
RealVNC Viewer requests a session code each time a technician starts an instant support session, and RealVNC’s services automatically generates a 9-digit code unique to the session.
This code is valid for 10 minutes. In that time, the technician must communicate it out-of-band so the end user can start the session.
The code expires either when it is used, or after 10 minutes, whichever comes first.
Device sign-in verification
We send an email each time we detect a sign-in to your RealVNC® account from a new device at a new location, to protect you from malicious activity.
Penetration Test Report
Download our latest annual penetration test results, conducted by independent cyber security experts NCC Group.
Multi-factor authenticator
Security whitepaper
A complete overview of the features, policies and controls that keep your computers and data protected wherever you are.
Try RealVNC Connect® today for free
We don’t require credit card data. 14 days of free, secure and fast access to your devices. Upgrade or cancel anytime