Disable "Save Password" from server
Prevent users from saving passwords on the viewer.
Preferably at the user / group permissions level vs. a global setting (or both?)
Prevent users from saving passwords on the viewer.
Preferably at the user / group permissions level vs. a global setting (or both?)
Comments
Hi Mike and Vincent,
Thanks for your post! Currently you can disable VNC Viewer saving passwords for connections using the PasswordStoreOffer parameter in VNC Viewer's Preferences, Expert section. This can also be set via Group Policy if you are using VNC Viewer in a domain environment.
Otherwise, you may wish to enable MFA when connecting to the VNC Server. This will show a prompt on every connection, even if the username/password has been saved. This is achieved by using VNC Server's RADIUS authentication (https://help.realvnc.com/hc/en-us/articles/360002253538). If you don't have a RADIUS solution in place already, we have a guide on how you can set up MFA using Duo's MFA here: https://help.realvnc.com/hc/en-us/articles/4406779417105
I hope this helps!
Jack N
I echo this request. Our biggest security hole with RealVNC is users saving passwords within VNC Viewer, and the ability to launch VNC connections with no further prompt. Even though VNC accounts themselves are protected with 2FA, viewer itself remains authenticated between sessions, and saved passwords within viewer means no safeguard exists if a client machine running VNC viewer is compromised. An admin policy option to prevent vnc viewer from saving passwords on a user/group level would help mitigate this exposure.
This needs to be controlled from the Server side
Please sign in to leave a comment.