TLS encryption with a per-device certificate, end-to-end-encrypted direct connections, and port 443, how Tenvo keeps your remote sessions secure without compromising on performance.
Every remote desktop session is, by nature, a potential attack surface. You're sending keystrokes, mouse movements, and screen content across the internet. That's why encryption isn't optional, it's the foundation. Tenvo secures all connections with TLS using a unique per-device certificate. On a direct (peer-to-peer) connection, the session is end-to-end encrypted and the relay is not involved at all. When a connection has to fall back to the relay, traffic is encrypted in transit to that relay. Because the client is open source (AGPL-3.0), you can verify exactly how the transport works.
Unattended-access credentials stay on your device. When you set a permanent password, it's hashed locally before being stored, the password never leaves your device in plaintext, and our servers never receive it. During connection, authentication happens via a challenge-response protocol, so the actual password is never transmitted over the network.
We route all traffic through port 443 (the same port used by HTTPS) for two reasons. First, it's almost never blocked by firewalls or corporate proxies, so your connections just work. Second, the traffic is indistinguishable from regular HTTPS traffic to network observers, adding a layer of privacy.
Beyond encryption, Tenvo includes practical security features: connection approval prompts (so no one can silently connect to your machine), session logging with timestamps, and temporary one-time passwords for support sessions. Security isn't a feature we bolt on, it's how we build everything.
Get Tenvo
Ready to try it yourself?
Free for 30 devices, no credit card. Up and connected in two minutes.