I am pleased to highlight that in the latest version of Remote Desktop Manager version 2021.1, we have increased the level of security for the API that pairs Remote Desktop Manager with Devolutions Web Login.
About Devolutions Web Login
In case you are unfamiliar with Devolutions Web Login, it is our free browser plugin that is used in conjunction with Remote Desktop Manager (and is also compatible with Devolutions Server and Devolutions Password Hub), and allows you to securely inject passwords into websites using credentials stored in your vaults.
About the Security Improvement
The authorization and cryptographic model of this feature has been redesigned for enhanced security. When Remote Desktop Manager and Devolutions Web Login are paired, what happens “under the hood” is a cryptographic key exchange. This creates a shared secret (encrypted key) that is the same for both applications, and which cannot be intercepted by someone snooping on the conversation.
This secret has two purposes: it allows Devolutions Web Login to query passwords and other information from Remote Desktop Manager, and it is also used to encrypt/decrypt the data that is exchanged between the two applications.
For more details on the cryptographic primitives used, please review our open source cryptographic library.
Setting Up Devolutions Web Login
When you first launch Devolutions Web Login and choose to use it with Remote Desktop Manager, you will be asked to pair the two applications:
If you wish, you can enter a name for the association in the text box. This will help you identify a particular session if you want to deny access (from within Remote Desktop Manager). If you do not enter a name for the association, then the default is the web browser running Devolutions Web Login (e.g. “Chrome”). We find that the default is sufficient for most of our users, but of course the choice is yours.
Once you click on Associate with Remote Desktop Manager, a popup window will appear in Remote Desktop Manager confirming that you made the request. Simply click Yes to accept the association request.
Once this is done, the applications are paired, and Devolutions Web Login will automatically start working!
Note that while Remote Desktop Manager can handle multiple associations (i.e., multiple browsers), Devolutions Web Login can only be paired to a single instance of RDM at a time.
How to Unpair a Browser Extension
If for any reason you wish to deny access to Remote Desktop Manager from a previously paired browser extension, then you can do it from within Remote Desktop Manager.
Here is what to do: go to File → Options → Browser Extensions. In the Devolutions Web Login Associations section, you will see a list of associations with Remote Desktop Manager. If you created a customized name for the association, then it will appear on the list. Otherwise, you will see the name of the web browser, a portion of the encryption key, the date the association was created, and the date when it was last used.
To unpair a browser extension, simply click the “x” button of the entry in the list, and then click OK to save the modifications.
Tell Us What You Think
We are continuously improving Remote Desktop Manager (and our other solutions and companion tools), in order to help you and your colleagues work more securely, efficiently and productively.
Please share your feedback on this enhanced security between Remote Desktop Manager and Devolutions Web Login by commenting below. We are always listening to you, and most of the additions and improvements we make are generated by our amazing community.