Zoom has finally rolled out the two-factor authentication (2FA) feature to further improve security for its users. With the coronavirus pandemic, Zoom has seen the highest growth among the video conferencing services. That growing popularity also highlighted several security vulnerabilities in its service.
Even a new word emerged during this period — Zoombombing. It refers to a new method of harassment where an uninvited guest disrupts a virtual meeting. In the last few months, the company took several measures to prevent Zoombombing. With the newly introduced two-factor authentication, the users can finally put an end to all those Zoombombers.
By enabling 2FA, admins and organizations can provide an additional layer of security to their users. Instead of a single password, the user now requires two or more credentials to authenticate to their account. Instead of a password or PIN, the Zoom account can also be authenticated using a smart card, smartphone, fingerprint, or voice.
How to enable Zoom's two-factor authentication
First off, the user has to sign in to the Zoom Dashboard. Now, head over to the "Navigation" menu and click on "Advanced" and then "Security." Enable the "sign in with Two-Factor Authentication" option. As of now, the user can choose between the authentication app or SMS for the two-factor sign-in code.
For organizations, the admin has to first enable the 2FA for the users to set up and use. The admins can also enable the 2FA for users with specified roles. For the authentication apps, Zoom recommends Google Authenticator, Microsoft Authenticator, and FreeOTP.
While all three services are available for Android and iOS, the Microsoft Authenticator additionally supports Windows OS. When trying to log in, the users can get the time-based one-time password (OTP) from any of these apps.
During the 2FA setup process, Zoom also provides a list of 6-digit backup recovery codes. If you lose the phone you use to receive the 2FA code or SMS, the recovery codes can be used for signing in. More importantly, note that each recovery code will only work once.
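The time-based codes and single-use recovery codes described above, as an added example that is not Zoom's code. It assumes the RFC 6238 defaults (HMAC-SHA1, 30-second step, 6 digits); the SecondFactor class, the drift window and the number of recovery codes are hypothetical.

```python
# Added illustration (not Zoom's code): RFC 6238 TOTP plus single-use recovery codes.
import hashlib
import hmac
import secrets
import struct

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1 (assumed defaults: 30 s step, 6 digits)."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class SecondFactor:
    """Hypothetical server-side verifier for one account."""

    def __init__(self, secret: bytes, recovery_codes: list[str]):
        self.secret = secret
        # Recovery codes are kept as hashes and deleted once used.
        self.recovery = {hashlib.sha256(c.encode()).hexdigest() for c in recovery_codes}
        self.last_counter = -1                   # blocks replay of an accepted code

    def check_totp(self, code: str, now: int, step: int = 30, drift: int = 1) -> bool:
        current = now // step
        # Accept neighbouring time steps to tolerate clock drift on the phone.
        for counter in range(max(0, current - drift), current + drift + 1):
            expected = totp(self.secret, counter * step, step)
            same = hmac.compare_digest(expected.encode(), code.encode())
            if counter > self.last_counter and same:
                self.last_counter = counter
                return True
        return False

    def check_recovery(self, code: str) -> bool:
        digest = hashlib.sha256(code.encode()).hexdigest()
        if digest in self.recovery:
            self.recovery.remove(digest)         # each recovery code works once
            return True
        return False

def new_recovery_codes(count: int = 10) -> list[str]:
    """Random 6-digit codes from the OS CSPRNG (count is an assumption)."""
    return [f"{secrets.randbelow(10**6):06d}" for _ in range(count)]

if __name__ == "__main__":
    SECRET = b"12345678901234567890"             # RFC 6238 test secret, not a real key
    account = SecondFactor(SECRET, ["123456", "654321"])   # constructed sample codes
    print(totp(SECRET, 59), account.check_totp("287082", now=59))
    print(account.check_recovery("123456"), account.check_recovery("123456"))
```

The second use of an accepted TOTP code or recovery code is rejected, which is what keeps a captured code from being replayed.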
Also, users in the organization can get 2FA disabled through their admin. Once signed in, the user can edit the 2FA setup to add a new device. While Zoom has just introduced the 2FA feature, it's already available on Google and Microsoft services as "two-step verification."
Zoom is also working on deploying end-to-end encryption for both free and paid customers. While the company started beta testing in July this year, Zoom hasn't mentioned any timeline for the full-fledged rollout.