As many of us continue to work and collaborate from home, there has been a steady uptick in the number of security breaches. Zoom’s videoconference product has taken some hits in that regard, and they are finally doing something about it. In an effort to increase security measures for their users, Zoom is rolling out support for two-factor authentication (2FA) for their product across every platform – web, desktop, and mobile. This coverage extends even to those using the free version of Zoom.
The demand for enhanced security
During the surge in the popularity of videoconferencing tools earlier this year, Zoom and other companies selling similar products enjoyed a huge boom in their business. But the security breaches that followed put them in an unwanted spotlight. Vulnerabilities that had previously gone undetected were suddenly revealed. Partly for that reason, a group of six regulatory bodies from countries on four continents sent an open letter to these companies, including Zoom, urging them to reevaluate how they safeguard their customers’ privacy rights and data. Zoom responded by announcing the new 2FA security earlier this month, saying “Zoom’s enhanced Two-Factor Authentication (2FA) makes it easier for admins and organizations to protect their users and prevent security breaches right from our own platform.”
What is 2FA?
When it comes to security, there are three traditional authentication factors that are commonly used to identify and thus protect the end user:
- something you know (e.g., a password or PIN)
- something you have (e.g., physical keys or authentication apps), and
- something you are (e.g., biometrics like thumbprints or retina scans).
In the case of 2FA systems, users must pass authentication challenges from (you guessed it) two of these three factors. While passing a second authentication factor may seem like a bit of an inconvenience, you should know that it provides a MAJOR security boost.
The authentication app option
One way users can identify themselves when signing into their Zoom accounts is by using authentication apps. These apps support the Time-Based One-Time Password (TOTP) protocol (examples include Google Authenticator, Microsoft Authenticator, and FreeOTP). While another option is to have Zoom send a code via SMS or phone call as the second factor, the folks at Zoom believe the authentication app route is better. This is because the code is generated on your device rather than delivered to your phone number, which makes it more difficult for cybercriminals to access your account even if you become a target of a SIM swapping attack.
Recovery codes to the rescue
Zoom now also allows users to sign into their accounts with recovery codes. When you set up your 2FA, you can obtain a recovery code at the same time. So if your device gets lost or stolen or you no longer have access to your 2FA codes for some other reason, you can sign in using that recovery code (just be sure to keep THAT code safe!).
Get set up
You can check out the whole process of setting up 2FA as well as using recovery codes here on Zoom’s help center. And to learn more about ways to make your videoconferencing sessions more secure in general, check out this post my colleague Dan Callahan wrote earlier this year.