Zoom knows passwords are hackable and user data is at risk. The video conferencing major has rolled out two-factor authentication that supports the Time-Based One-Time Password (TOTP) protocol and works with authenticator apps like Google Authenticator, Microsoft Authenticator, and FreeOTP to mitigate the risks of account takeover attacks and credential theft.
Zoom added two-factor authentication to its video conferencing platform on Friday, making the service more secure. Earlier this year, the video conferencing platform received a bad rap for poor security practices and faulty data collection measures. Zoom CEO Eric Yuan attempted to fix this by announcing a 90-day security plan wherein the company made the platform more secure. The company also introduced end-to-end encryption for video calls for its users in June. With 2FA, Zoom is on its way to plug one more gap that could have adverse ramifications at the user level.
Two-factor authentication, or 2FA, is available for Zoom’s web version and supports mobile and web app clients and Zoom Rooms. 2FA ensures a stronger security perimeter by thwarting account takeover attacks that use leaked or stolen credentials like usernames and passwords.
After all, four out of five global data breaches are caused by weak or stolen passwords, according to a report by the World Economic Forum. Robert Prigge, CEO at Jumio, told Digital Journal, “With data collected and sold on the dark web containing usernames and passwords from past breaches, and internet users often recycling the same login credentials across multiple platforms, cybercriminals have all of the tools they need to impersonate a user’s identity online. This means that if your online account is only protected by a username and password, then you’re likely going to be an ATO target.”
2FA authenticates account ownership by making the user verify their identity through legitimate codes or credentials that only they can access. This may also include:
- Something you know (PIN, password, code)
- Something you have (smartphone or a hardware token)
- Something you are (biometric characteristics like fingerprint, eye/face scan, voice)
Speaking with Toolbox, Ben Goodman, Senior Vice President of Global Business and Corporate Development at ForgeRock, said, “MFA, when paired with SSO technology, can provide better user experiences and security and should be the first step organizations take to move to a truly passwordless approach.”
2FA also helps Zoom meet set compliance requirements for sensitive user data. 2FA in Zoom services supports a time-based one-time password (TOTP), making it compatible with third-party applications like Google Authenticator, Microsoft Authenticator and FreeOTP. Users can also leverage SAML, OAuth and password-based authentication besides SMS or call-delivered codes for authentication.
However, Prigge believes the way forward is completely password-less. “Password-based authentication, multi-factor authentication (2FA) and knowledge-based authentication (KBA) will be a thing of the past much sooner than previously anticipated, and businesses will look to more sophisticated and secure login options for current and prospective users,” he said.
A guide to setting up 2FA on Zoom can be accessed here, and the service is free for all Zoom accounts.