Posted by: Charles Maitland | Wednesday 2 December, 2009

LogMeIn – 5 stars for security

I, as I am sure many people do, support a number of family members on their computers. To save on the interminable calls trying to work off their descriptions of what is going on I install the free LogMeIn client and then remote onto their machine.

The other day I was setting my Mother’s machine up with Windows 7 and some upgraded RAM and adding this new machine to my available computers was on my check list.

In the process of doing this I mistyped my complex password, I got it right on the second attempt and thought nothing of it. I was, however, delighted to get the following email about 30 seconds later from LogMeIn.

Event: Login failed
Source: Website
Account Holder: Redacted
Company: Company
By: The email I had tried
At: Sun Nov 29 18:09:16 UTC 2009
From: My IP Address
Change how these messages are sent by logging in, selecting Account then Security.

I now know that if someone tries to use my account to get access to the computers I manage I will get instant notification.

I also got instant notification of the deletion of the old computer and the creation of the new one.

This attention to detail is what sets an already good service apart.

EDIT

Ok not only was I pleased by the security measures I am also astonished (in a good way) that within about 20 mins Kevin from LogMeIn had posted a comment to this post which outlines a raft of other security measures they take.

  • Account Lockout: If there are five failed attempts at accessing your LogMeIn Account, then your account gets locked out, and an email is sent to you informing you of the lockout.
  • IP Address lockout: If there are five failed attempts to access your computer, then that user (IP address) is blocked for 30 minutes.

I would recommend reading the white paper they have on how they designed the security model. It goes way beyond the level I use or really need but again reinforces the fact that the the concepts of security and attack vectors are baked into the design.

Now I accept that the need for one time keys and RSA SecureIDs etc are beyond my needs and (zero) budget it is nice to know that the same mentality is behind my use as an enterprise use.  

Disclaimer. I have no affiliation with LogMeIn at all other than using their free client for basic family support.

Advertisements

Responses

  1. I sincerely appreciate you taking the time to note some of our security features. I am so pleased that you value security in a product, as that is one of our top priorities.

    Since you’re interested, thought I’d let you know about some other security measures:

    Account Lockout: If there are five failed attempts at accessing your LogMeIn Account, then your account gets locked out, and an email is sent to you informing you of the lockout.

    IP Address lockout: If there are five failed attempts to access your computer, then that user (IP address) is blocked for 30 minutes.

    SSL encryption: Once a connection is established, all traffic is encrypted using the same technology trusted by major banking institutions to allow secure online banking.

    There’s more detailed information in our security white paper:
    https://secure.logmein.com/documentation/Security/wp_lmi_security.pdf

    Thanks again, I look forward to you highlighting more great LogMeIn features in the future!

    Kevin Aries
    Community Relationship Manager, LogMeIn Inc
    Twitter.com/LogMeInNews
    Facebook.com/LogMeIn


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories

%d bloggers like this: