Zoom implemented the two-factor authentication (2FA) in its web, desktop and mobile applications, which means users can enhance the security of their accounts with an additional layer of protection.
In context, a two-factor authentication system challenges users to respond to two different factors in order to authenticate themselves when logging into an account. That said, there are three classic authentication factors that are commonly used: something you know such as a password or PIN code, something you carry with you such as a physical key or an authentication app, and something you are, which includes biometrics, fingerprints or retinal scans.
On September 10, the videoconferencing platform announced the new security function in a post on its official blog, in which it ensures that the implementation of the double authentication factor will make it easier for administrators and organizations to protect their users and avoid security breaches on the platform. In a statement to the media, Zoom confirmed that it is making the feature available to all users in general, including those who use its free plan. It should be noted that data revealed in recent times by companies such as Microsoft or Google show the importance of implementing this security mechanism given its effectiveness in preventing and avoiding account hijacking.
Zoom also described the ways in which users can authenticate themselves when logging into their accounts. For example, “users have the option to use authentication applications that support the Time Based One Time Password (TOTP) protocol, such as Google Authenticator, Microsoft Authenticator and FreeOTP, or choose to have Zoom send a code via SMS or phone call as a second factor in the account authentication process.
While using SMS text messages as a form of two-factor authentication is better than not using 2FA, it is preferable to opt for one of the supported authentication applications, mainly because it makes it more difficult for cyber-crooks to access your account even if you become the target of a SIM swapping attack.
Zoom also allows users to use recovery codes to log into their accounts in case their device is lost or stolen. Users can consult the platform’s help center where they will find detailed information about the process of activating the two-factor authentication as well as the use of recovery codes.
Let’s remember that the COVID-19 pandemic forced many companies to transition to remote working, which caused Zoom, like other video conferencing platforms and services, to experience a dramatic increase in popularity. However, this also led the company to be in the spotlight due to privacy and security issues that became known once users flocked to the platform. If you are a Zoom user, we also recommend consulting our article on how to correctly configure Zoom security.