Multi-factor authentication is one of the easiest ways to protect your accounts from unauthorised access or bad actors, but the security feature was noticeably missing on some devices in one of the most popular videoconferencing apps on the planet — and that’s a big problem.
Now, virtual meet-up app Zoom — a service that’s used for everything from remote learning to support groups to business meetings — says it’s rolled out two-factor authentication for its desktop and mobile apps. A spokesperson confirmed to Gizmodo that the feature was previously only available on web, adding that the 2FA security feature is now available to all users, including those who use its free tier.
The company has additionally added recovery codes and SMS authentication as a 2FA option. The stronger security option, however, is to use a time-based one-time password with an authenticator app like Google Authenticator or Microsoft Authenticator. While enabling SMS or phone call authentication is better than having no additional security measures in place at all, authenticator apps are a much stronger option to prevent interceptions by bad actors using man-in-the-middle attacks or old-fashion social engineering.
As an enormous amount of infrastructure has moved from in-person to remote and Zoom has become so popular its name is the de facto transitive verb for a digital meeting, the service has developed a reputation for lax security. The resulting “zoombombing” — where unwanted guests show up to say, send unwanted porn to kids, harass addicts in virtual recovery groups, or issue actual bomb threats — is more than enough reason to spend the extra 30 seconds adding a little more security to your account.
To enable 2FA on your desktop or mobile device, head to the Zoom web portal (your admin may need to enable it for your account), then click on Profile. Scroll down to Two-Factor Authentication and make sure this option is turned On. From there, you’ll be able to select which form of 2FA you’d like to enable, and the web portal will walk you through the rest.
And if you haven’t already, now’s as good a time as any to sweep some of your other logins for 2FA support as well. It may be a pain in the arse now, but you may thank yourself later.