Video conferencing app Zoom has added two-factor authentication (2FA) as a new layer of security following its soar in popularity during the current pandemic.
The log-in standard requires users to provide an additional piece of information, such as a pin code sent via text message, as well as a password.
Zoom said the addition of the feature would help users protect against hackers taking control of accounts, which can lead to identity theft and security breaches.
The video calling app has seen huge growth in its user base this year due to social distancing rules, forcing millions of employees to work away from their colleagues.
But the firm has been rolling out new features meant to rectify security lapses that have allowed issues like ‘Zoombombing’, where uninvited users crash a video chat.
Zoom has also recently released its first ever physical product, the $600 Zoom for Home’ touchscreen device.
Scroll down for video
Zoom is rolling out new features meant to rectify security lapses that have allowed things like ‘Zoombombing’ where uninvited users crash a video chat
HOW TO ENABLE ZOOM 2FA
To enable Zoom’s 2FA at the account-level for password-based authentication, account admins should:
1. Sign in to the Zoom Dashboard.
2. In the navigation menu, click Advanced, then Security.
3. Make sure the Sign in with Two-Factor Authentication option is enabled.
4. Select one of these options to enable 2FA for:
a) All users in your account: Enable 2FA for all users in the account.
b) Users with specific roles: Enable 2FA for roles with the specified roles. Click Select specified roles, choose the roles, then click OK.
c) Users belonging to specific groups: Enable 2FA for users that are in the specified groups. Click the pencil icon, choose the groups, then click OK.
5. Click ‘Save’ to confirm 2FA settings.
‘Zoom’s enhanced two-factor authentication (2FA) makes it easier for admins and organisations to protect their users and prevent security breaches right from our own platform,’ the firm said in a blog post.
‘With 2FA, organisations can reduce the risk of identity theft and security breaches by adding an extra layer of security that prevents bad actors from accessing accounts by guessing passwords or gaining access to employees’ or students’ devices.’
2FA for Zoom identifies online users by requiring them to present two or more pieces of evidence, or credentials, that authenticate their ownership of the account.
This includes a piece of information that the user knows, such as a password or pin, something the user owns, like a smart card or mobile device, or something the user has, like their fingerprints or voice.
The video conferencing app came to prominence during the coronavirus lockdown as millions turned to the service to help communicate with colleagues while working from home.
Zoom previously said in April that it has around 300 million daily Zoom meeting participants globally.
While in the UK, user numbers rose from 659,000 UK users in January to 13 million in April, according to Ofcom.
However, security and privacy flaws were found within the app, including incidents of ‘Zoombombing’, where strangers were able to force their way into calls, often sharing harmful content to those present.
2FA requires users to provide an additional piece of information, such as a pin code sent via text message, as well as a password
In response, Zoom launched a major overhaul of its security features and has rolled out a number of updates to the app to better protect users.
Among new features revealed back in April were the ability to lock meetings and prevent other users from joining, the ability to remove participants in the meeting and greater control over screen sharing.
The company also turned on passwords for Zoom conferences by default and allowed business users to have an IT administrator set the password strength.
In May, Zoom purchased security and encryption company Keybase in an effort to address its high-profile security issues and bring expertise to its increasingly popular platform.
Pictured is the 27-inch Zoom for Home touchscreen device (left) next to a laptop. It can be used for presenting and annotating information on-screen, and can be used independently of a computer
And in July, Zoom unveiled its dedicated video-conferencing device aimed specifically at home workers and retailing for $600 (about £475).
‘Zoom for Home’, made by US-based firm DTEN, has a 27-inch touchscreen with three wide-angle cameras for HD video calls, integrated speakers and an eight-microphone array for clearer audio.
The device can be used independently of a computer, as well as being a second screen during Zoom meetings, and dwarfs a standard laptop.
The firm said the ‘Zoom for Home’ name will apply to a whole new category of hardware devices to support remote working, meaning more Zoom devices will be revealed at a later date.
WHAT IS ZOOM DOING TO ADDRESS SECURITY CONCERNS?
To address concerns, the company has hired former Facebook security chief Alex Stamos as an adviser.
It also formed an advisory board to look into its privacy and safety practices.
Zoom has also sent out an update with a new security menu to make accessing privacy tools easier.
The platform has introduced a dedicated security icon at the bottom of the screen from which users can quickly access all the app’s safety features.
The new menu now allows to update security settings while live in a call for the first time, rather than making meeting hosts set security settings before a call.
This was something critics said was leading to gaps in meeting security and privacy, because users unaware of all Zoom’s safety features often started meetings without seeing all the options.
In addition to the new centralised security menu, Zoom said meeting IDs would no longer be displayed on the title toolbar.
The company said this was to prevent others seeing active meeting IDs when ‘Zoom screenshots are posted publicly’, and using the information to crash meetings.
Prime Minister Boris Johnson was criticised when hosting a virtual Cabinet meeting on the platform last month, after he revealed the meeting ID and usernames of several Cabinet ministers by posting a screenshot to Twitter.