Zoom has added two-factor authentication (2FA) for all user accounts to help prevent security breaches on the video chat platform.
The roll-out identifies users by requiring them to present two or more pieces of evidence, or credentials, that authenticate their ownership of the account, such as something the user knows (a password or PIN), something the user owns (a smart card or mobile device), or something the user is (fingerprints, voice).
A statement from the company explained that the enhanced security will help prevent hackers 'video bombing' unsuspecting users, while also helping companies using the platform meet compliance obligations for sensitive data and customer information.
"With Zoom’s 2FA, users have the option to use authentication apps that support Time-Based One-Time Password (TOTP) protocol such as Google Authenticator, Microsoft Authenticator and FreeOTP, or have Zoom send a code via SMS or phone call, as the second factor of the account authentication process," explained a company blog post.
Zoom has experienced rapid growth during the Coronavirus lockdown, but with it has come increased scrutiny of its existing security policies. To counter concerns, in April the business hired Facebook's chief security officer Alex Stamos as an advisor, followed by the acquisition of secure messaging and file-sharing service Keybase in May.
Commenting on the move, OneLogin's senior director of trust and security Niamh Muldoon noted that in order for 2FA to be effective, users will need to enable it. She also argued that the growing sophistication of phishing threats means traditional forms of 2FA like SMS and OTP are becoming risky.
"Zoom should introduce more modern forms of 2FA like WebAuthn, which leverages device-based encryption to prevent even advanced malware and man-in-the-middle phishing attacks."