LogMeIn & Passwords: Is Your Account Safe?

TL;DR

Yes, a remote user with access to your computer via LogMeIn could potentially capture your password as you type it. However, there are several steps you can take to significantly reduce this risk, including using strong passwords, enabling two-factor authentication where possible, and being aware of keylogging risks.

Understanding the Risk

LogMeIn (and similar remote access tools) allows someone else to control your computer. This means they can see everything you see and do – including what you type. If they’re actively controlling your session while you enter a password, they could capture it.

Steps to Protect Your Passwords

1. Strong & Unique Passwords: This is the most important step. Use different, complex passwords for each website and service. A password manager can help with this.
   • Avoid easily guessable information like birthdays or pet names.
   • Aim for at least 12 characters, including a mix of uppercase letters, lowercase letters, numbers, and symbols.
2. Enable Two-Factor Authentication (2FA): Where available, always enable 2FA on your important accounts (email, banking, social media). This adds an extra layer of security beyond just a password.
   • 2FA typically involves receiving a code via text message or using an authenticator app.
3. Be Aware During Remote Sessions: Never enter sensitive information (passwords, credit card details) while someone is actively controlling your computer remotely.
   • Ask the remote user to disconnect before you need to type anything confidential.
4. Check LogMeIn Security Settings: Review and adjust your LogMeIn security settings.
   • Session Control: Ensure only authorized users have access to your computer.
   • Alerts: Enable alerts for new logins or unusual activity.
   • Password Complexity Requirements: If LogMeIn allows, enforce strong password requirements for user accounts accessing your system.
5. Keylogging Protection (Advanced): Keyloggers record every keystroke you make.
   • Anti-Virus Software: A good anti-virus program can detect and remove keyloggers. Keep it updated!
   • On-Screen Keyboard: Use the on-screen keyboard (accessible through Windows Accessibility settings) when entering passwords, especially during remote sessions. This bypasses the standard keyboard input that a keylogger might capture.

     Start Menu > Settings > Accessibility > Keyboard > On-Screen Keyboard

6. Regularly Scan for Malware: Run full system scans with your anti-virus software to detect any malicious programs that might be capturing your keystrokes or other sensitive information.
7. Consider a Virtual Keyboard (Advanced): Some websites offer virtual keyboards directly on their login pages. These can provide an extra layer of protection.

What if you suspect your password has been compromised?

1. Change it immediately: Update the password for that account and any other accounts where you use the same password.
2. Monitor your accounts: Keep a close eye on your financial accounts and credit reports for any unauthorized activity.