The usage of video conferencing and calling applications has skyrocketed since the beginning of the pandemic, which has drawn the attention of threat actors to this new attack surface. Video calling platforms have therefore been on their radar, and Zoom was an easy target because it previously did not support end-to-end (E2E) encryption for free users. It received a lot of flak, especially from the infosec community. It did, however, rectify the mistake and provide E2E encryption to all its users. Yet it still lacked some basic security features such as two-factor authentication (2FA). Zoom has now introduced two-factor authentication for its users, giving them an added layer of safety on top of the existing ones.
How Does 2FA Help Zoom
Zoom’s adoption of 2FA primarily gives the app an added layer of security and helps prevent potential security breaches. Other benefits include:
- Improved security: It reduces the risk of identity theft and security breaches by preventing bad actors from accessing accounts through password guessing, credential stuffing, or access to employees’ or students’ devices as a way into the main network.
- Reduced costs: SSO and other forms of login and authentication can be expensive for smaller organizations. Zoom’s 2FA, however, provides a free and effective way to validate users’ authenticity.
- Enhanced compliance: 2FA implementation helps organizations fulfill compliance and regulatory needs for sensitive data and customer information.
- Easier credential management: Password management can be a chore, especially in this digital normal where you have online accounts even for ordering your daily veggies and groceries. 2FA provides an additional level of security without the hassle of constant password management.
Enabling Zoom’s 2FA for Your Organization
As per Zoom’s blog post, Zoom offers not only 2FA but also a host of other authentication methods such as SAML, OAuth, and/or password-based authentication, which can be enabled or disabled for an account based on user/admin preference. To enable 2FA at the account level for password-based authentication, admins need to follow these steps:
1. Sign in to your Zoom Dashboard.
2. In the navigation menu, first select Advanced, and then click on Security.
3. Make sure the Sign in with Two-Factor Authentication option is enabled.
4. Select one of these options to enable 2FA for:
   - All users in your account: Enable 2FA for all users.
   - Users with specific roles: Enable 2FA for specific user roles. Click Select specified roles, choose the roles, then click OK.
   - Users belonging to specific groups: Enable 2FA for users in a specific group. Click the pencil icon, choose the groups, then click OK.
5. Finally, once you are done, click ‘Save’ to confirm the changes made to the 2FA settings.