Zoom With Two-Factor Authentication To All Users: A Step Forward Towards Better Security


Zoom has experienced popularity, as well as controversies that include 'Zoombombing' and some other privacy issues.

As a step towards making a better platform for its users, Zoom has rolled out a security enhancement by adding two-factor authentication (2FA) across its platform. This feature requires users to have more than one credential to join a meeting.

Zoom said adding 2FA to its platform offers users a secure way to validate their identities, protect users against incidents, as well as providing a number of benefits such as a reduced risk of identity theft and security breaches by preventing malicious actors from accessing legitimate accounts.

This also enhances Zoom's compliance with data protection regulations, reduces costs by eliminating the need for expensive single sign-on (SSO) technology, and easier credential management.

To use 2FA on Zoom, users have the option to use authentication apps that support time-based one-time password (TOTP) protocols, like Google Authenticator, Microsoft Authenticator or FreeOTP. Otherwise, Zoom can also send a code via SMS or phone call

"Zoom offers a range of authentication methods such as SAML, OAuth, and/or password-based authentication, which can be individually enabled or disabled for an account," the firm said in a blog post.

Read: Coronavirus, And The 'Zoom' Mess That Haunts People At Their Own Home

The main benefits of introducing the 2FA feature to Zoom is enhanced security.

To use 2FA, users must first sign in to Zoom Dashboard, navigate the menu to access 'Advanced', to then click on 'Security'. There they can enable the ‘Sign in with Two-Factor Authentication’ option.

Administrators can activate the 2FA feature, and enabling it for either all users, or for specific users by function or grouping.

2FA was entirely necessary given the increase in Zoom usage, and the high-profile stories of Zoombombing.

However, it should be noted that the growing sophistication of phishing threats can make 2FA not necessarily a 100% foolproof. But still, having the security feature is better than having none at all.

Zoom 2FA diagram
Zoom 2FA diagram. (Credit: Zoom)
"Two-factor authentication (2FA) is a two-step sign-in process that requires a one-time code from a mobile app or text message, in addition to the main Zoom sign-in. This provides an additional layer of security since users will need access to their phone to sign in to the Zoom web portal, desktop client, mobile app, or Zoom Room."

The announcement follows previous actions taken by Zoom to bolster the security of its service, which have included making available free end-to-end encryption available for all users, which followed its acquisition of Keybase, as well as hiring experienced security experts for assistance.

"Zoom’s 2FA within our unified communications platform provides a secure way to validate users and protect against security breaches and provides a number of benefits."

It should be noted that this isn't the first time Zoom has offered support for 2FA.

Previously, the feature has been made available on the web only, rather than being available through Zoom's desktop or mobile clients, the company said.

With this announcement, 2FA is launched to all Zoom users, regardless the method they use.

Zoom has seen a huge rise in users (despite lying a bit) and revenues, as remote working boom enforces many people around the world to rely on technology for meetings. With no sign of slowing down, Zoom has become a household name for many companies and their employees around the world.

With 2FA rolling out, users should feel safer.