Zoom is adding an additional layer of security to safeguard users against security breaches.
Cloud-based video conferencing service Zoom on Friday announced that it was rolling out two-factor authentication (2FA) for users to prevent identity theft and security breaches on the platform. Zoom will support authentication apps that support Time-Based One-Time Password (TOTP) protocol such as Google Authenticator, Microsoft Authenticator, and FreeOTP, as well as more conventional SMS or phone call-based codes for account authentication.
Adding two-factor authentication is part of Zoom’s ongoing efforts to make its platform safe and secure for users. The company claims to have rolled out over 100 privacy and security measures as of July 1, 2020 under its 90-day feature freeze period including enhanced encryption (via Zoom 5.0) to better protect its users from prying eyes. Zoom recently upgraded its encryption to standard AES 256-bit GCM, which is an improvement over the previous AES-256 ECB standard. GCM encryption is now fully enabled for all meetings. Zoom is also working simultaneously to bring end-to-end encryption for all users (free and paying) in the days to come.
Enabling Zoom’s 2FA at the account-level is a straightforward process. Account admins simply need to sign-in to the Zoom Dashboard and check the sign in with two-factor authentication option under the security tab in the navigation menu. From here, they can choose to either enable 2FA for all users in the account, for those with specific roles, or even for users belonging to specific groups. Finally, they can click save to confirm their 2FA settings. Once enabled, users will need to set up 2FA (via authentication app or SMS) when they sign into the Zoom portal.
Zoom had a troubled and controversy-ridden start to 2020 thanks to numerous privacy loopholes something that even caught the eye of governments around the world, including India, where the platform is under strict watch. But over the course of time, Zoom has tried and fixed many of its privacy and security issues. And with the latest announcement, it seems, it has not stopped working on those aspects.