I, as I am sure many people do, support a number of family members on their computers. To save on the interminable calls trying to work off their descriptions of what is going on I install the free LogMeIn client and then remote onto their machine.
The other day I was setting my Mother’s machine up with Windows 7 and some upgraded RAM and adding this new machine to my available computers was on my check list.
In the process of doing this I mistyped my complex password, I got it right on the second attempt and thought nothing of it. I was, however, delighted to get the following email about 30 seconds later from LogMeIn.
Event: Login failed
Account Holder: Redacted
By: The email I had tried
At: Sun Nov 29 18:09:16 UTC 2009
From: My IP Address
Change how these messages are sent by logging in, selecting Account then Security.
I now know that if someone tries to use my account to get access to the computers I manage I will get instant notification.
I also got instant notification of the deletion of the old computer and the creation of the new one.
This attention to detail is what sets an already good service apart.
Ok not only was I pleased by the security measures I am also astonished (in a good way) that within about 20 mins Kevin from LogMeIn had posted a comment to this post which outlines a raft of other security measures they take.
- Account Lockout: If there are five failed attempts at accessing your LogMeIn Account, then your account gets locked out, and an email is sent to you informing you of the lockout.
- IP Address lockout: If there are five failed attempts to access your computer, then that user (IP address) is blocked for 30 minutes.
I would recommend reading the white paper they have on how they designed the security model. It goes way beyond the level I use or really need but again reinforces the fact that the the concepts of security and attack vectors are baked into the design.
Now I accept that the need for one time keys and RSA SecureIDs etc are beyond my needs and (zero) budget it is nice to know that the same mentality is behind my use as an enterprise use.
Disclaimer. I have no affiliation with LogMeIn at all other than using their free client for basic family support.