Users Take the Wheel on Security With 2FA on Zoom

We investigate the latest security update to Zoom

4
Sponsored Post
Zoom-Two-Factor-Authentication-security
Collaboration

Published: September 25, 2020

Anwesha Roy

Technology Reporter

Over the last few months, we have been observing Zoom’s meteoric rise in the video conferencing space. Back in February, UC Today’s Rob Scott dropped by the Zoom Booth at Integrated Systems Europe (ISE) 2020, catching up with the company’s Global Head of Customer Success, Jim Mercer:

“Going from being the new kid on the block to the ubiquity we have achieved in such a short amount of time – it is unprecedented. We are maniacally obsessed with customers and we pride our products on user experience

 

Since then, Zoom has come a long way in a short while. As our very own Moshe Beauford writes, COVID-19 has transformed Zoom into a powerhouse.  In Q1, it earned $328.2 million in revenues – a 169% uptick year-on-year. But while all the financial indices pointed in a positive direction, Zoom came under scrutiny for repeated security mishaps, scalability issues, and even an outage or two.

But the company wasn’t sitting idle during this slightly rough patch. In April, Zoom’s Founder and CEO, Eric Yuan, announced a 90-day plan to combat any security flaws in the system. One of the recent outcomes from the initiative is enhanced two-factor authentication (2FA) on Zoom. We reached out to the company on how this latest move would prevent future security issues and attacks like Zoombombing – read on for the details.

How Does the New 2FA on Zoom Work?

2FA is a subset of multi-factor authentication where a platform asks the user for two or more pieces of identity proof when logging in. Typically, this includes any two of the following:

  • Something you know (a password, the answer to a secret question)
  • Something you own (a physical ATM card, a smartphone)
  • Something you have (a fingerprint, your voice)

Zoom is rolling out an optional 2FA that primarily targets small businesses, schools, and nonprofits that cannot afford full-fledged single sign-on services. Zoom 2FA will be available for free to all its users.

As per the new authentication mechanism, you need one more piece of evidence in addition to your Zoom account password. This could be a time-based OTP or a code that the company sends you via SMS or phone call.

To use this security feature, your admin must first enable 2FA from the security module of the Zoom web portal. The admin will java the option of activating 2FA for all users or those belonging to specific roles/groups. Once this is done, you (the end-user) can select either the Authentication App or SMS option as your preferred authentication method.

2fa-diagram Zoom

How Does This Impact My User Experience?

One of the reasons why Zoom saw this incredible spike in adoption is its seamless UX. Unlike Zoom alternatives such as Skype for Business and others, it is very easy to get started with Zoom, involving minimal setup complexities and joining efforts. Could 2FA take away from this?

The company assures that it is still steadfastly focused on ease of use, and the introduction of 2FA doesn’t signal a trade-off. “2FA is optional, and we consider this an exciting feature that can enhance account security. With 2FA, admins and organisations can protect their users and prevent security breaches right from our own platform,” the company informed us.

Even if it does take an extra minute or two for logging in, we are confident that users would prefer a stronger authentication mechanism over attacks like Zoombombing. 2FA does address this to an extent – “It is intended to reduce the risk of identity theft and security breaches by preventing attackers from gaining unauthorised access to accounts by guessing passwords or gaining access to users’ devices,” the company shared with us.

So, potentially, your UX could see an improvement as unauthorised intruders are kept out of meetings through 2FA.

Is 2FA Fully Secure? If Not, What Are the Alternatives?

Even as companies come up with stronger security measures, hackers aren’t far behind. As company representatives told us,

“Security and privacy are ongoing priorities, and we are committed to always working to improve our security features and practices”

However, there are workarounds that a hacker might take despite 2FA implementation, like SIM-jacking where an unauthorised entity gains access to the OTP by counterfeiting your SIM. For companies worried about such scenarios, Zoom offers SAML, OAuth, Okta, and integrations with a host of other identity management platforms.

And that’s not all. Zoom told us about another upgrade that is currently in the works, which would take its security posture to a whole new level: “We’re also very excited about our end-to-end encryption offering, which is currently in private beta.”

For now, 2FA is a welcome addition to Zoom’s growing security capabilities, particularly if you are a small team with big collaboration needs.

 

 

Security and ComplianceUser ExperienceVideo Conferencing
Featured

Share This Post