Zoom adds two-factor authentication for all users

Unified communications and collaboration platform Zoom has rolled out another round of cyber security enhancements, adding two-factor authentication (2FA) across its platform, requiring users to present two or more credentials to join a meeting.

This is the latest in a now long-running series of enhancements Zoom has made in response to a series of concerns around the security of its service, use of which soared during lockdown and has remained popular as millions of people continue to work remotely during the ongoing Covid-19 pandemic.

Zoom said adding 2FA to its platform offered users a secure way to validate their identities and protect against incidents, providing a number of benefits such as a reduced risk of identity theft and security breaches by preventing malicious actors from accessing legitimate accounts, enhanced compliance with data protection regulations, reduced costs by eliminating the need for expensive single sign-on (SSO) technology, and easier credential management.

Users will have the option to use authentication apps that support time-based one-time password (TOTP) protocols, for example Google Authenticator, Microsoft Authenticator or FreeOTP, or have Zoom send a code via SMS or phone call, the firm said in a blog post announcing the changes.

Niamh Muldoon, senior director of trust and security at identity and access management specialist OneLogin, said the addition of 2FA was entirely necessary given the increase in Zoom usage, and the high-profile stories of so-called zoom-bombing that ensued.

“However, security is a two-way street; in order for this to be effective, users will need to enable the use of 2FA,” she said.

Administrators can activate 2FA on Zoom at the account level by signing into their Zoom dashboard, navigating to security settings, and enabling 2FA either for all users, or for specific users by function or grouping. Further details can be found online.

However, Muldoon pointed out that the growing sophistication of phishing threats was leading many to the conclusion that 2FA is not necessarily 100% effective.

“Zoom should introduce more modern forms of 2FA like WebAuthn, which leverages device-based encryption to prevent even advanced malware and man-in-the-middle phishing attacks,” she said.

“WebAuthn is popular with users because it requires no password and allows them to utilise biometric sensors like fingerprint scanning and facial recognition that they already use to their unlock phones.”

She added that while MFA was essential, leaders in the field are now also turning to artificial intelligence and risk management techniques to enhance authentication in situations where risk might be heightened, such as if users have changed their device, location, or app usage profiles.

Random Posts

  • Technology Information And Options

    With a high school diploma or a Normal Equivalency Diploma (GED), you’ll be able to apply to any of MATCH’s […]

  • A Simple Plan: Tips

    Important Things that Men Like in Bed Making a man happy is always simple because you only have to simply […]

  • TikTok takes Trump to court

    Chinese-owned video-sharing app TikTok has filed a lawsuit in federal court challenging the administration of president Donald Trump over its […]

  • Directed Vitality Weapon Mind Control Technology

    Nikki is a veteran educator, librarian, Instructional Technology Facilitator and ISTE Librarians Community President Elect. Several years in the past […]