Zoom adds two-factor authentication (2FA) support to all accounts


Zoom has announced that starting today it has added two-factor authentication (2FA) support to all user accounts to make it simpler to secure them against security breaches and identity theft.

With 2FA, Zoom users will have an extra layer added to the authentication process, blocking attackers from taking control of their account by guessing their password or using compromised credentials.

This is because Zoom accounts secured using 2FA will require you to enter a one-time code, generated by a mobile authenticator app or received via SMS or phone call, in addition to the account’s password before you can sign in to the Zoom web portal, desktop client, mobile app, or Zoom Room.

“With Zoom’s 2FA, users have the option to use authentication apps that support Time-Based One-Time Password (TOTP) protocol (such as Google Authenticator, Microsoft Authenticator, and FreeOTP), or have Zoom send a code via SMS or phone call, as the second factor of the account authentication process,” Zoom explained in an announcement published today.

“Zoom offers a range of authentication methods such as SAML, OAuth, and/or password-based authentication, which can be individually enabled or disabled for an account.”

How to enable Zoom 2FA

To toggle on 2FA, Zoom account owners and admins have to enable the ‘Sign in with Two-Factor Authentication’ option in the Advanced > Security menu, within the Zoom Dashboard.

The exact procedure for account admins to enable Zoom’s 2FA at the account-level — requiring users to enter 2FA codes for password-based authentication — includes the following steps:

  1. Sign in to the Zoom Dashboard.
  2. In the navigation menu, click Advanced, then Security.
  3. Make sure the Sign in with Two-Factor Authentication option is enabled.
  4. Select one of these options to enable 2FA for:
    • All users in your account: Enable 2FA for all users in the account.
    • Users with specific roles: Enable 2FA for users with the specified roles. Click Select specified roles, choose the roles, then click OK.
    • Users belonging to specific groups: Enable 2FA for users that are in the specified groups. Click the pencil icon, choose the groups, then click OK.
  5. Click ‘Save’ to confirm your 2FA settings.

More information on resetting 2FA for users, signing in with 2FA codes or 2FA recovery codes as a user, and editing a 2FA setup can be found in this support document.

The information is gathered from BLEEPING COMPUTER.