Security
      Back to home
      1. Help Center
      2. Getting Started
      3. Security

      Fingerprint

      What is a fingerprint?


      In AnyDesk, a fingerprint is a unique identifier that is inherently part of the cryptographic certificate used to authenticate a device. Just like how a key is linked to a specific lock, AnyDesk generates a self-signed certificate on your device for secure communication. The server stores the public part of this certificate and derives a fingerprint from it, linking it to your AnyDesk-ID. This ensures that only the correct certificate can use a given AnyDesk-ID, preventing impersonation.

      How does AnyDesk use the fingerprint?


      When you start AnyDesk for the first time, your device generates a RSA certificate and a private key. The private key is used to establish a secure TLS connection by encrypting the data stream. The certificate is used by our servers to derive a fingerprint, that is permanently linked to your AnyDesk-ID. The fingerprint is extracted after a valid TLS handshake between client and server. 

      Here’s how it works, step by step:

      1. First-time connection: When your client connects to the AnyDesk server for the first time, the server assigns an AnyDesk-ID and links it to the public key, from which the fingerprint is derived.
      2. Subsequent connections: Each time you connect again, the server checks your certificate to look up the associated AnyDesk-ID, ensuring that the connection is linked to a known and trusted certificate.
      3. Server verification: Since fingerprints are checked at every AnyDesk-server connection, unauthorized devices cannot impersonate an AnyDesk-ID without the correct private key.

      How can you use it to protect yourself?


      Since AnyDesk fingerprints are tied to unique client certificates, they ensure that no one can impersonate your device without access to your private key.

      Here’s how you can stay secure:

      • The AnyDesk-ID is only ever linked to one fingerprint. If you notice an AnyDesk-ID with a different fingerprint, something is wrong. Treat it as a potential security risk.

      • Always check the AnyDesk-ID first. It remains the main identifier for your AnyDesk client.

      • For an extra security check, verify the fingerprint. If you want to be extra cautious, compare the fingerprint shown in AnyDesk with the one you expect. The fingerprint for your AnyDesk client can be found in Settings > About AnyDesk > Security > Fingerprint.

        • If someone is connecting to you, you can see their fingerprint in the Accept Window.
        • If you are connecting to someone else, you can see their fingerprint in the Session Toolbar.
      • Use it like a caller ID. If you expect a call from a friend but the number is different, you would double-check before answering. Treat AnyDesk fingerprints the same way, if the fingerprint does not match, think twice before connecting or accepting the connection.