Security Tips


Session Security

All sessions are secured using TLS 1.2 with AEAD.
The connection type, enforced encryption mode, client verification status, and fingerprint can be found via the connection mode (connmode) icon in the AnyDesk toolbar.


Security Features for the Client

  • The custom client provides a variety of configurable security settings. For details, see Customize AnyDesk and Settings.
  • Exclusive unattended access: Access to the client solely by providing the unattended password. See Exclusive Unattended Access.
  • Salted password hashing: AnyDesk uses secure salted hash tokens for password transmission.
  • Two-factor authentication: Connection attempts to the client using unattended access can be secured using two-factor authentication. See Two-Factor Authentication.


Access Control List

See Access Control List.

On-Premises

For environments with high-security demands, AnyDesk provides the self-hosted On-Premises solution.
It is fully operational even in offline networks and gives you full control over all data. See AnyDesk On-Premises for more information.


Offboarding

While we cannot say what methods will fit your needs, we can give you some recommendations on what to do if an employee with AnyDesk access leaves.

  1. If you know the AnyDesk-ID/Alias of the staff member, you can simply remove their client in the Clients tab in the my.anydesk.com customer portal. This would remove their access to your Address Book.
  2. If the employee has knowledge of your my.anydesk.com customer portal password, please reset the password in Settings > General > Change password.
  3. If the staff member has a saved copy of your current license key somewhere, then a reset of your license key would be recommended. Please note that removing the license key from a client will simply revert a client back to a Free license that offers basic functionality but disables premium features such as the Address Book or custom namespace.
  4. If you have public custom clients that automatically register the client to the license key, and the staff member has access to those links, then they can continuously be registered to your license key and access your Address Book regardless of whether you reset your license key. Regrettably, the only way to solve this issue is to either make those links private, so that only users who are logged into your my.anydesk.com account can download the file, or delete and recreate those custom clients so you get a new public link. However, this will not affect already installed copies of the custom client, and you would still need to perform step 1 and manually remove that client.
  5. You can also "Clear all tokens" in the security settings to force every connection to that particular AnyDesk client to retype the password in case they had saved the password in their AnyDesk client. However, this will not be particularly helpful if the staff member knows the actual password or has it written down somewhere.
  6. If the employee has knowledge of your unattended access passwords, we would recommend changing all your unattended access passwords.
  7. The most recommended and secure way to stop a former employee from accessing your clients after leaving would be to use the Access Control List. The access control list whitelists which clients are able to connect to a specific AnyDesk client. If an employee leaves, you can manually remove their AnyDesk-ID/Alias from each individual AnyDesk client. This way, even if they have knowledge of your unattended access passwords, they would not be able to send the session request anyway.

    However, for simplicity's sake, we would highly recommend purchasing a custom namespace. As our access control list allows wildcard values, you can simply set the access control list for every AnyDesk to only accept connections from e.g. "*@yourcompanyname". As custom namespaces are linked to the license key, if you remove your license from the former employee's client, their Alias with your custom namespace will be automatically removed and they will no longer be able to connect to your clients with the aforementioned access control list settings.
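
The offboarding check from step 7, as an added example that is not AnyDesk code: it models the access control list as wildcard patterns and reports which clients a former employee's client could still send a session request to. The inventory, host names, ID and aliases are constructed; Python's fnmatch stands in for AnyDesk's own wildcard matching, and a client without an ACL is assumed to be unrestricted.

```python
from fnmatch import fnmatchcase

# Constructed inventory: host name -> ACL entries on that AnyDesk client.
# None models a client with no Access Control List configured (assumption:
# such a client does not restrict who may send a session request).
INVENTORY = {
    "build-01": ["*@yourcompanyname"],
    "hr-laptop": ["alice@yourcompanyname", "123456789"],
    "kiosk-07": None,
}

# Constructed identities for the departing employee's client.
LEAVER_BEFORE = {"123456789", "bob@yourcompanyname"}  # licensed: ID + namespace alias
LEAVER_AFTER = {"123456789"}  # license removed: namespace alias is gone


def acl_allows(acl, identities):
    """Return True if any presented identity matches any ACL entry."""
    if acl is None:
        return True
    return any(
        fnmatchcase(identity.lower(), entry.lower())
        for entry in acl
        for identity in identities
    )


def reachable_hosts(inventory, identities):
    """Hosts whose ACL would still accept a session request from identities."""
    return sorted(h for h, acl in inventory.items() if acl_allows(acl, identities))


def stale_entries(inventory, identities):
    """Literal ACL entries naming the leaver that must be removed by hand."""
    found = {}
    for host, acl in inventory.items():
        hits = [e for e in acl or [] if e.lower() in identities]
        if hits:
            found[host] = hits
    return found


if __name__ == "__main__":
    print("before:", reachable_hosts(INVENTORY, LEAVER_BEFORE))
    print("after: ", reachable_hosts(INVENTORY, LEAVER_AFTER))
    print("remove:", stale_entries(INVENTORY, LEAVER_BEFORE))
```

In this constructed inventory, the client with only the namespace wildcard drops out once the license is removed, the client listing the literal ID still needs that entry removed manually, and the client without an ACL stays reachable either way.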
