Both these changes are part of a bigger, more comprehensive Zoom 5.0 update, which Zoom says is a “key milestone” in its 90-day plan to better secure its platform.
All Zoom meetings, webinars, including previously scheduled events will require a password by default soon, that should help the video conferencing platform keep a check on the growing menace of Zoom-bombing. This will come into effect from May 9 for all free or basic accounts, and from May 30 for Pro, API, Business, Education, and Enterprise accounts, Zoom confirmed via a blog post on Wednesday. Moreover, Zoom will also deploy AES 256-bit GCM encryption across the platform from May 30, that should — at least in theory — make it a little more secure and private than before.
Both these changes are part of a bigger, more comprehensive Zoom 5.0 update, which Zoom says is a “key milestone” in its 90-day plan to proactively identify, address, and enhance the security and privacy capabilities of its platform. Though Zoom has already started rolling out a few Zoom 5.0 features, it is expected to drop the complete update by the end of May.
Zoom has been enabling passwords by default for most users for sometime now — while highlighting “clearly” that passwords are necessary for all Zoom meetings. By the end of May, though, it will be live for all use cases. Without password protection, there’s a high possibility that your Zoom meetings could be ‘Zoom bombed,’ which essentially means that hackers could eavesdrop at any moment.
“By default, Zoom embeds the password into meeting/webinar links, if participants click the link they will not be prompted to enter a password when joining,” though “manually entering a meeting/webinar ID will always prompt the user to enter the password” post the update.
The other “big” change is coming in the form of enhanced encryption. Zoom is upgrading its encryption to standard AES 256-bit GCM, which is an improvement over the outgoing AES-256 ECB standard. This still isn’t the full-proof end-to-end encryption one would want from the service, but it’s surely better than what’s already there, at least on paper. Also, as it turns out, the way that Zoom defines end-to-end encryption is slightly different from the general norm. The platform argues that all Zoom calls are end-to-end encrypted as long as long as they’re between two or more Zoom clients. It is only when the communication seeps through other modes, PSTN (public switched telephone network) for instance, when Zoom calls aren’t encrypted.