
Secure Your Zoom Account with Two-Factor Authentication

  • 2FA makes Zoom video-conferencing accounts harder for hackers to compromise
  • Users given option of app-based or SMS-based 2FA
  • Admins can set 2FA policy for different user groups

We’ve said it once, we’ve said it twice, we’ve said it one hundred times.

Hardening the security of your accounts with two-factor authentication (2FA) can dramatically reduce their chances of being hacked.

If you think that it’s enough to protect an online account with just a username and password then you’re missing the fact that:

  • People often choose weak or commonly-used passwords.
  • People often choose passwords that can be guessed or easily cracked.
  • Many people make the mistake of reusing the same password in different places.

Even if you aren’t making any of those mistakes then your password could be stolen by a hacker through phishing or keylogging malware.

Two-factor authentication, however, provides an additional safety net – even if your password falls into the hands of cybercriminals. That’s because 2FA turns logging in from a single-step operation (enter your username and password) into a two-step process (enter your username and password, and then enter a one-time code generated by an app such as Google Authenticator on your smartphone or other device).

Malicious hackers might have managed to grab your password, but unless they have physical access to the device you use to generate your 2FA code they’re going to find it a lot more difficult to access your account.

So I’m delighted to read that Zoom has now made two-factor authentication available to all users of its video-conferencing platform.

With the feature enabled, users won’t be able to sign in to the Zoom web portal, desktop client, mobile app, or Zoom Room without their code.

With many staff currently working remotely due to the COVID-19 pandemic, it’s pleasing to see that Zoom has given administrators the ability to protect their users by setting a 2FA policy for all users, users with specific roles, or users in specific groups.

Of course, individual users can also enable 2FA themselves. Simply log into your Zoom Dashboard, choose Profile, scroll down to the “Two-factor Authentication” option, click “Turn on” and follow the instructions.

Users can choose whether to use 2FA via an app that supports the TOTP (Time-based one-time password) protocol or have Zoom send a code via SMS or phone call. For a higher level of security, I recommend the app-based 2FA option.

About the author

Graham CLULEY

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.