Zoom went on a three-month security binge to better secure the platform to keep unauthorized users from accessing meetings, and the company still isn’t done rolling out new security measures.
The company on Thursday unveiled enhanced two-factor authentication for web, desktop and mobile that requires online users to present two or more credentials to authenticate their account. They could include a password, pin, smart card, mobile device or fingerprints or voice.
According to Zoom, this helps organizations reduce the risk of identity theft and security breaches by adding an extra layer of security to prevent bad actors from guessing passwords or phishing attempts. It also brings enhanced compliance for organizations that require a high level of security, reduces costs to pay for an SSO service and helps users better manage passwords.
Zoom users can use authentication apps that support Time-based One-Time Password protocol like Google Authenticator, Microsoft Authenticator and FreeOTP. Zoom can also send a code via SMS or phone call as the second factor in the authentication process.
According to The Verge, 2FA isn’t new to Zoom, but the company only offered the enhanced security feature on the web only. The rollout will also include users of free accounts.
From April to June, Zoom embarked on a 90-day plan to address security and transparency issues in the platform and froze the rollout of non-security features. What resulted was enahcned encryption, a new security-focused user interface, secure meeting defaults, third-party reviews, a CISO adivosry council and other security hires and an improved bug bounty program.
The company is also planning to roll out end-to-end encryption to all users.
According to Zoom, this is how users can enable 2FA:
Sign in to the Zoom Dashboard
In the navigation menu, click Advanced, then Security.
Make sure the Sign in with Two-Factor Authentication option is enabled.
Select one of these options to enable 2FA for:
- All users in your account:Enable 2FA for all users in the account.
- Users with specific roles:Enable 2FA for roles with the specified roles. Click Select specified roles, choose the roles, then click OK.
- Users belonging to specific groups:Enable 2FA for users that are in the specified groups. Click the pencil icon, choose the groups, then click OK.
Click ‘Save’ to confirm your 2FA settings.