LogMeIn Introduces New Security Features


Well-configured remote access solutions, like LogMeIn, increase productivity with no adverse impact on network security.  As we continue to advance our security features, we are committed to combining ease of use for users with components that promote secure, safe, and wise use of our products.

According to recent research[1], security concerns are the number one roadblock for businesses moving to the cloud.  Taking the appropriate steps to secure your business is often simple, but 55% of businesses do not require two-step verification to ensure that extra layer of security and authentication[2].  Further, over half of businesses rely either on in-app prompts to direct users on updates and password strength or on employees to establish password strength and change passwords on their own[3].

With this in mind, we are excited to announce several new advancements to our Login Policy features that add additional security to prevent unauthorized access to your LogMeIn account and offer several verification options for end-users to gain instant access so that they are better equipped to be productive from anywhere. This is particularly important for those companies in regulated industries that require HIPAA and PCI compliance.[4]

What’s new with Login Policy?

Password Strength
Two new options are available for password strength: ‘Standard’ and ‘Strong’.  Applying a ‘Strong’ password policy will force users to create a robust, secure password meeting the following requirements:

  • Seven characters or more
  • Made of capital letters, lowercase letters, and numbers
  • Required change every 90 days
  • Does not match user’s LogMeIn ID
  • Does not match the LogMeIn ID or any of the user’s four most recent passwords

Your users will be affected at their next login after the feature has been enabled. If users have a password that does not meet the requirements, they will be forced to change their password.

Forced Two-Factor Authentication
Two-factor authentication adds a second layer of protection to your LogMeIn account.  Now, administrators can require this feature for all users. This added security process prompts users to enter a one-time security code with their password whenever they sign in.  Users have the opportunity to set this up from either a mobile authenticator app or via SMS text message.  Additionally, if the primary method is unavailable, users will be able to request a code via a backup method.

All methods of two-factor are available for use. Users can use:

  • Security Codes via SMS
  • Google Authenticator (or Android/Windows equivalent)
  • Emailed Security Codes
  • LogMeIn Authenticator App  – NEW

LogMeIn Authentication App

To make our end users’ experience as fast and simple as possible, we now have our own LogMeIn Authenticator app, which can be used to simplify second-factor authentication to a single gesture.

The LogMeIn Authentication App is a dedicated two-step verification tool for use with LogMeIn accounts[5]. Using LogMeIn Authenticator, users can verify their identity by tapping the notification that they receive when attempting to sign in to their LogMeIn account. The app will also generate security codes as a secondary verification solution when your phone is offline.

 

For a detailed overview of these Login Policy enhancements, check out our online guide for updates on Password Strength and Two-Step Verification or log in now. Also download the LogMeIn Authentication App today!

[1] Edge Strategies and LogMeIn
[2] Ponemon Research and LogMeIn
[3] ESG Research
[4]  When used and configured properly, the technical security features employed by LogMeIn assist companies with their HIPAA and PCI compliance requirements. In combination with User Access through Group/Computer permissions, LogMeIn allows you to get HIPAA and PCI ready.
[5] Please note it will not work with external sites/apps.

         

What your organization can do to avoid getting phished

As you are probably well aware, phishing attacks are on the rise all around the world. Organizations must take extra steps to make sure that they protect themselves as well as their customers against this threat.

As Attila mentioned in his post earlier this week, LogMeIn employs SPF, DKIM and DMARC on every email it sends from a @logmein.com address.

The combination of these three technologies allows the recipient server to validate that:

  1. The email was sent from a server authorized by LogMeIn
  2. The contents of the email have not been manipulated

The key point is that the check is done on your organization’s email servers. They have to support DMARC, SPF and DKIM in order to filter out phishing emails.

Most major email providers, including Gmail, Yahoo Mail, and Outlook.com, check for these records and will put phishing emails appearing to come from a @logmein.com address into the Spam folder. Be wary of slight variations of the domain part. If you see an email from logme.in.com or logmeein.com or some other variation of our domain, you can safely delete it.

If your organization maintains its own email servers and you receive these phishing emails, please ask your email administrator to set up SPF, DKIM and DMARC. You are going to save yourself a lot of headaches.

And as always, follow the best practices for email.

Does your organization use DMARC? If it does not, what is the reason?  Please leave a comment and share your thoughts.

         

Two phishing emails making the rounds

We’re getting reports from both LogMeIn users and the general public of suspicious emails. These appear to be part of a blanket phishing attempt. While there are some differences, all of the reports we’ve received are meant to appear as receipts with subject lines like “Your LogMeIn Pro payment has been processed!” and “Order Confirmation #789508 for <your email address>.” We want to make it clear that these did NOT come from LogMeIn and people should not click on or open any of the attachments in the email. As part of our commitment to security, we want to make sure our users and the public are aware of this specific email, and we wanted to share what we’ve learned, as well as provide an easy way for people to identify the telltale signs of phishing attacks.

Also, please note that LogMeIn employs DMARC, SPF and DKIM on emails sent from a @logmein.com address. These allow the recipient email server to make sure that the email was sent from an authorized source and that its contents are intact.

The checks are performed on the receiver side. All major email providers, for example Google, Yahoo and Outlook.com, support these standards.

If you received one of these emails, please contact your email administrator and point her to this web site http://dmarc.org/, as your email server is not checking for DMARC.
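The receiver-side check described here and in the SPF/DKIM/DMARC post above can be sketched as follows. This is an added example, not LogMeIn's code: it reads the verdicts a receiving server records in the `Authentication-Results` header and separately flags the lookalike domains mentioned above, which can pass DMARC for their own domain. The server ID `mx.example.net`, the sample addresses and the sample messages are constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string, policy
from email.utils import parseaddr

PROTECTED = "logmein.com"       # sender domain discussed on this page
AUTHSERV_ID = "mx.example.net"  # assumption: ID your own mail server stamps

def from_domain(msg):
    """Domain of the visible From: address, which is what DMARC evaluates."""
    return parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()

def trusted_auth_results(msg, authserv_id=AUTHSERV_ID):
    """Collect spf/dkim/dmarc verdicts, but only from headers stamped by our
    own server; Authentication-Results lines from anyone else are ignored."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        server, _, rest = str(header).partition(";")
        if server.strip().lower().split(" ")[0] != authserv_id:
            continue
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts

def looks_like(domain, protected=PROTECTED, threshold=0.85):
    """True for near-misses such as logme.in.com or logmeein.com."""
    a, b = domain.replace(".", ""), protected.replace(".", "")
    return SequenceMatcher(None, a, b).ratio() >= threshold

def classify(raw, protected=PROTECTED, authserv_id=AUTHSERV_ID):
    msg = message_from_string(raw, policy=policy.default)
    domain = from_domain(msg)
    if domain == protected or domain.endswith("." + protected):
        # The real domain is claimed, so DMARC must have passed on our server.
        verdicts = trusted_auth_results(msg, authserv_id)
        return "deliver" if verdicts.get("dmarc") == "pass" else "quarantine"
    if looks_like(domain, protected):
        # DMARC cannot help here: the lookalike domain authenticates as itself.
        return "flag-lookalike"
    return "not-protected-domain"

def sample(sender, *auth_results):
    """Build a constructed test message (not a captured email)."""
    lines = [f"From: LogMeIn <{sender}>",
             "Subject: Your LogMeIn Pro payment has been processed!"]
    lines += [f"Authentication-Results: {ar}" for ar in auth_results]
    return "\n".join(lines) + "\n\nDear client, ...\n"

GENUINE = sample("billing@logmein.com",
                 "mx.example.net; spf=pass; dkim=pass header.d=logmein.com; dmarc=pass")
SPOOFED = sample("billing@logmein.com",
                 "other.example.org; dmarc=pass",  # not our server: ignored
                 "mx.example.net; spf=fail; dkim=none; dmarc=fail")
LOOKALIKE = sample("billing@logmeein.com",
                   "mx.example.net; spf=pass; dkim=pass; dmarc=pass")

if __name__ == "__main__":
    for name, raw in [("genuine", GENUINE), ("spoofed", SPOOFED),
                      ("lookalike", LOOKALIKE)]:
        print(name, "->", classify(raw))
```
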

The email subject lines are:

  • Your LogMeIn Pro payment has been processed!
    Or
  • Order Confirmation #789508 for <your email address>

Intended behavior/action: Tries to get you to open the corresponding attachment or a link, which contains a malicious file.

The email body text examples are:

Example one:
Dear client,

Thank you for purchasing our yearly plan for LogMeIn Pro on 25 computers.

Your credit card has been successfully charged.

Date : 17/2/2015
Amount : $720 ( you saved $549.75)

The transaction details can be found in the attached receipt.

Your computers will be automatically upgraded the next time you sign in.

Thank you for choosing LogMeIn!

Example two:
Dear customer,

Thank you for purchasing our yearly plan for LogMeIn Pro on 25 computers.

Your order has been processed and your credit card has been charged.

For more information regarding this order, please review the attached order confirmation invoice.

To open the invoice, Microsoft Word must be installed on your computer and macros feature must be enabled.

LogMeIn Account: <your email address>
Date : 30 March 2015
Amount : $720
Credit Card : XXX-XXX-XXXX-8012

Your computers will be automatically upgraded the next time you sign into your account.

Thank you for choosing LogMeIn!

As with all suspicious emails, please don’t open/download any attachments in these messages.  We’ll update this post if we learn more, but please be sure to delete these messages if you receive them.  We also recommend taking a look at our primer on how to protect yourself against phishing attacks.

         

LogMeIn Introduces Multi-Monitor Display

Whether you’re a small business or IT administrator, toggling back and forth between monitors slows down your remote access experience.

The LogMeIn team is excited to introduce multi-monitor display, a new way to remote control computers with multiple monitors. You are now able to seamlessly see and interact with all of your displays simultaneously. This is one of our top customer feature requests from our small business customers and provides our IT customers enhanced value.

“The new dual monitor support makes my remote experience productive and seamless. Now my local station and remote station appear indistinguishable and my work flow is greatly improved when remote.”

– Brian Seekford, CEO, Seekford Solutions, Inc

This new feature is available with LogMeIn Pro, as well as Central Plus and Central Premier. Customers can easily begin utilizing real multi-monitor display so you can enjoy multiple remote monitors being presented 1:1 on your own monitors’ screens.

Want to see it in action?

Supported operating systems:

  • Host
    • Windows XP SP3 or newer
    • LogMeIn Host for Windows version 4.1.5022 or newer
  • Client
    • Windows XP SP3 or newer
    • LogMeIn Client for Windows version 1.3.773
    • Compatible with Firefox or Chrome LogMeIn Plugin
    • Internet Explorer
    • Mac (Coming Soon)

Versions Required:

To take advantage of the new multi-monitor functionality, both the LogMeIn host and client software need to be installed.  Please note that if you already have the LogMeIn host and client installed, these will automatically update to include multi-monitor in the coming weeks.

         

Phishing alert: Fake emails mimic LogMeIn receipts

We’re getting reports from both the general public and LogMeIn customers about suspicious emails that are designed to look like they are coming from LogMeIn; they have all the hallmarks of phishing attempts.  All of the reports have the same headline and text. And all are meant to look like a receipt of purchase. The email subject line is: “Your LogMeIn Pro payment has been processed!” We want to make it clear that these did NOT come from LogMeIn and people should not click on or open any of the attachments in the email. As part of our commitment to security, we want to make sure our users and the public are aware of this specific email, and we wanted to share what we’ve learned, as well as provide an easy way for people to identify the telltale signs of phishing attacks.

The email subject line is: Your LogMeIn Pro payment has been processed!
Intended behavior/action: Tries to get you to open the corresponding attachment, which contains a malicious file.
The email body text is:

Dear client, 

 Thank you for purchasing our yearly plan for LogMeIn Pro on 25 computers. 
 Your credit card has been successfully charged. 

 Date : 17/2/2015 
 Amount : $999 ( you saved $749.75) 

 The transaction details can be found in the attached receipt. 
 Your computers will be automatically upgraded the next time you sign in. 

 Thank you for choosing LogMeIn! 

    logmein_pro_receipt.doc (95)
As with all suspicious emails, please don’t open/download any attachments in these messages.  We’ll update this post if we learn more, but please be sure to delete these messages if you receive them.  We also recommend taking a look at our primer on how to protect yourself against phishing attacks.
         

Introducing the New Central

We’re rolling out new versions of our LogMeIn Central product line, each designed to deliver unique value to our IT customers, while making it far easier for each and every Central customer to get the right product – and the right capabilities – to meet their specific needs.

What’s new?

Starting this week, there will be three new versions of Central: Central Basic, Central Plus and Central Premier. The foundation of this simplified and improved offering is our signature remote access capabilities, including even faster remote access, some great new features to help better organize large groups of computers, new options to further secure access to your computers with two-factor authentication, as well as mobile and desktop app enhancements. And if that is all you are using today, then the Basic version will likely be a perfect fit.  For those customers who are using Central to empower remote workers, Central Plus offers state-of-the-art remote productivity capabilities like remote printing, multi-monitor support, and file transfer capabilities across ALL computers in an account. Designed for business-critical IT management and automation, Central Premier  delivers  advanced alerts and monitoring, One2Many automated tasks (and scripts), simplified Windows updates, reporting, self-healing alerts (including new mobile alerts), and new premium customer support.

When will this be available?

The new versions of Central are being rolled out over the next few weeks to ALL current Central customers. So if you’re a Central customer, you will soon experience the new version of the product that best meets your needs – and you’ll get this new version for the remainder of your current subscription at no additional cost.  Customers can also choose to gain access to other versions immediately, should they choose, by contacting their account manager.

How will this impact pricing?

The new versions of Central should not only simplify how a customer chooses desired capabilities, but also how they purchase – and scale – their Central account to meet their specific organizational needs. In other words, the pricing has been created to best pair needs with value. One of the biggest changes with this move is the elimination of purchasing individual seats of LogMeIn Pro (for host computers) separate from Central. Pricing will be set simply based on the capabilities you use which translates into which version you need and the number of remote computers you’d like to remotely manage, access or support. For some customers, this will mean not only a more simplified purchasing, but an absolute reduction in total costs.  For others, it will provide a much better way to simplify payment for the value they expect and count on with Central.

Please note, that unless you choose to upgrade prior to the end of your current subscription, pricing won’t change until the time of your Central renewal.  To make the transition as smooth and seamless as possible you will  be notified 30-days in advance of your renewal.  We’ll provide you specific pricing information and details on the product you’ll have post renewal.

When and where can I learn more?

Once your Central account has been updated, you’ll experience the new features firsthand. We’re also carving out space in our community site, dedicated specifically to the new Central, where product specialists are happy to share more and answer any questions you may have. And in the coming days and weeks, we’ll be posting a whole new series on the Central blog featuring product demos, deep dives on new features, as well as tips & tricks that will help you get the most value out of your Central product.  So subscribe to the blog, check out the community, and keep a look out for the new Central update in your account.

         

New Year, New Central

In early January, we’ll be taking the wraps off new versions of LogMeIn Central designed to deliver new value to our IT customers, while making it far easier for each and every Central customer to get the right product – and the right capabilities – to meet their specific needs.

So what will this new Central look like and what’s in it for you?

We’ll be revealing the full details of the new offering early in the New Year, but at a high level, the new Central will be delivered in three simple versions, making it far easier for customers to get the right fit for their needs. The foundation of this simplified and improved offering will start with faster, more elegant remote access capabilities, raising the high bar on what you’ve come to expect from LogMeIn. From there, we’ve designed each distinct edition based on your feedback.  Just need to remotely access PCs and Macs without all the other bells and whistles? We’ve got you covered. Looking to extend remote access to your employees and customers so they can remain productive when outside the office?  We’ve got the perfect mix for you. Rely on Central for business-critical IT management and automation?  We’ve got the professional grade innovation ready to go in a nice simple package.

We’ll be sharing more in the coming weeks. So stay tuned.

         

CUSTOMER ALERT: NEW PHISHING EMAILS MIMIC INVOICES

We’re getting reports from both LogMeIn customers and the general public about suspicious emails that are designed to look like they are coming from LogMeIn addresses; they have all the hallmarks of phishing attempts.  The email subject lines vary slightly, but include language about an ‘Invoice’ and ‘Credit Card Declined.’  We want to make it clear that these did NOT come from LogMeIn and people should not click on any of the links in the emails.

As part of our commitment to security, we want to make sure our users and the public are aware of these specific emails, and we wanted to share what we’ve learned, as well as provide an easy way for people to identify the telltale signs of phishing attacks.

Example subject lines on the emails are:

Email 1: LogMeIn Payment Invoice #48209182 – Credit Card declined

Email 2: LogMeIn Central Invoice #67018011 – Credit Card declined

Intended behavior/action:

Tries to lure you to click on a link to a fake invoice page.

What they look like:

Email (text/copy):

Dear client,

Your LogMeIn Central subscription is due to expire on December 11, 2014.

We were unable to charge your credit card for the due amount.( Merchant message – Insufficient funds)

Please remit the payment for the due invoice before Dec 11, 2014 to avoid service interruption.

The payment invoice has been issued and can be downloaded from our website :

<LINK REMOVED FOR SAFETY>

If the problem persists, contact us to complete your payment.

Thank you for choosing LogMeIn

As with all suspicious emails, please don’t click on any links or open/download any attachments in these messages.  We’ll update this post if we learn more, but please be sure to delete these messages if you receive them.  We also recommend taking a look at our primer on how to protect yourself against phishing attacks.

         

Sporadic connectivity issues with LogMeIn and join.me

UPDATE:

We’ve successfully applied a fix that should resolve the issues described below. The fix was applied last Friday, and subsequent tests over the weekend into today (Monday) have confirmed that it has had the desired effect. All services should be back to normal. Again, our apologies to those who experienced these issues.

ORIGINAL POST: 

We’re actively investigating reports of sporadic connectivity with join.me, LogMeIn Pro and LogMeIn Central. We apologize for any inconvenience this may cause, and wanted to assure you that our team is working tirelessly on a resolution. Here’s a quick update on what we’re seeing and potential options that may resolve the issues in the meantime, should you experience them.

What we’re seeing

The issues are affecting some but not all people, and result in one of the following experiences.

  • Getting ‘kicked out’ of active sessions. i.e. After successfully logging in, people suddenly appear to get disconnected or logged out.
  • LogMeIn.com or join.me homepages not loading or inaccessible. i.e. You cannot access either the join.me or LogMeIn.com website from your browser

Based on our investigation, we believe both are related to a single, common issue, and we’re actively fixing it.

What might help

One potential short-term fix is to clear your cache, close your browser and try to re-connect.  Many people who have reported these issues have since been able to connect upon further attempts.

When the issues will be resolved

Our team has been working around the clock, and we believe we have identified the contributing factors. Fixes are actively being tested and applied now.  We believe that these steps will enable us to reach a resolution by this weekend, and we will provide a further update as soon as possible.

In the meantime, thank you for your patience, and once again, we apologize for any inconvenience or disruption this may have caused.

         

[Webinar Recap] Beyond the Basics: LogMeIn Pro and Central

Simple, immediate remote access and control is something Managed Service Providers (MSPs) count on to stay efficient every day.  LogMeIn reliably facilitates industry-leading remote access and is dedicated to ensuring MSPs get continuous value from our solutions.

Understanding how to go beyond the basics of LogMeIn Central and Pro was the focal point of a webinar held earlier this week, led by LogMeIn’s Joshua Berkowitz, Senior Manager, Products and LogMeIn Central customer Michael Chen, CEO, CSP Networks. The webinar “Beyond the Basics: LogMeIn Pro and Central” discussed some exciting new features rolled out in 2014, tips for combining the power of LogMeIn Pro and Central, and specific feature use cases to accelerate business.

In review: Autotask Integration Empowers MSPs

Creating a seamless day-to-day workflow that eliminates the need to use multiple interfaces to handle ticketing and extending an MSP’s ability to do more with less time is something LogMeIn has been very dedicated to. This August, LogMeIn announced our integration between Autotask and Central.   Berkowitz ran a brief demo and covered how the integration was designed to help Managed Service Providers (MSPs) increase their efficiency and reduce response times when managing their clients’ highly distributed, mobile-centric work environments.

Berkowitz also elaborated on key LogMeIn Pro features that enable productivity for clients, and allow IT administrators to better manage devices from anywhere.

CSP Networks and LogMeIn

Chen, who uses Central and Pro at CSP Networks, provided background on his business and their services. He relayed that LogMeIn’s quick connections and stable support provide the groundwork for the key pillars of his business.  Along with LogMeIn, Chen is able to push forward their Expert IT Management, Monitoring and Support, and Complete Technology Services.

Further, Chen asserted that he and his team are committed to LogMeIn because of our focus on connectivity to devices.  Chen also revealed that for his organization, LogMeIn’s fast, stable remote connectivity allows them to bring their customer service to the next level.

CSP Networks leverages advanced features to stay in control, fast easy remote access for their admins and client end-users, as well as business-critical IT and automation.  All of this gives his IT staff complete visibility.  By partnering with LogMeIn, CSP Networks provides their customers, comprised of both businesses and internal IT departments, consistent support, enriched customer service and remote access and productivity for employees to work from anywhere.

If you missed out…

To hear Berkowitz and Chen discuss crucial tips for MSPs and how CSP Networks maximizes the value of LogMeIn Central and Pro, view the webinar now.