Zoom is ready to support two-factor authentication for its desktop and mobile versions. Zoom has been subjected to intense scrutiny for its lax security measures and thus it is has decided to provide a double layer of security for all its users.
Now the security has gone beyond the standard password and the company has decided to provide two-factor authentication for enhanced security. Users can now use this feature by enabling it through the Zoom Dashboard.
Zoom has mentioned this information on their blog post. Initially only available for the web version, the company has now launched it for both desktop and mobile versions. Additionally, both paid and free users can use the two-factor authentication feature.
Zoom, in their blog post, mentioned that users can choose to use “authentication apps that support Time-Based One-Time Password (TOTP) protocol (such as Google Authenticator, Microsoft Authenticator, and FreeOTP)” or have Zoom send you a code “via SMS or phone call.” This is how the two-factor authentication system will work for users on their respective devices.
To activate this security feature, users have to log in to Zoom’s website, go to My Account and click on the Profile tab where the two-factor authentication option will be available. The user will then need to enable the option by just clicking on it.
Zoom had previously introduced this feature, as mentioned earlier, for the web version. In that, the feature would operate through one-time login codes via the Google Authenticator which would generate the code.
Now, Zoom has added the receiving of login codes through SMS which is usually considered unsafe as the codes are easier to intercept. Zoom has additionally decided to help users regain access to their respective accounts through a recovery code.
Zoom’s move comes at a time when security concerns are rife, considering the onset of online learning and remote working. Along with the two-factor authentication, Zoom had earlier also introduced end-to-end encryption of video calls for both paid and unpaid users after receiving a lot of backlash.
The two factor-authentication feature is beneficial for many, but it reportedly gets a little complicated for the users who manage multiple accounts.
Many experts, however, advise strictly against the two-factor authentication situation as the code is received through an SMS on the phone. “Getting a 2FA code via a text message isn’t all that different from getting one from an authenticator app. The issue is with the execution. When you rely on SMS for those codes, you’re subject to things like a man in the middle attack, where someone intercepts your messages, or SIM jacking — that’s where someone convinces your carrier to give them a new SIM card using your number. Once that happens, you no longer control access to your account.” Android Central’s Jerry Hindelbrand stated.