What you need to know
- Zoom has enabled two-factor authentication for all users on its mobile and desktop apps.
- You can now secure your Zoom account with SMS or an authenticator app.
- It's available to users on all tiers, whether free or paid.
Zoom has enabled two-factor authentication (2FA) on its service, allowing customers to secure their account with an extra layer of protection. It will work on the web app, as well as the mobile and desktop clients.
"With Zoom's 2FA, users have the option to use authentication apps that support Time-Based One-Time Password (TOTP) protocol (such as Google Authenticator, Microsoft Authenticator, and FreeOTP), or have Zoom send a code via SMS or phone call, as the second factor of the account authentication process," the Zoom team wrote in a blog post. The Verge adds that Zoom will offer this feature to all customers, including those on the free tiers.
You can easily enable Zoom's two-factor authentication by logging into the Zoom web portal. Under Advanced > Security, you'll be able to enable "Sign in with Two-Factor Authentication". You can then choose whether you'd like to sign in with an authentication app or SMS, and go on from there. It's a little more complicated for admins managing multiple accounts, but it should be simple for a single user.
It's worth noting that while Zoom has SMS two-factor authentication, it's one that we strongly recommend against using.
Android Central's Jerry Hindelbrand explained why not to in August, saying:
Getting a 2FA code via a text message isn't all that different from getting one from an authenticator app. The issue is with the execution. When you rely on SMS for those codes, you're subject to things like a man in the middle attack, where someone intercepts your messages, or SIM jacking — that's where someone convinces your carrier to give them a new SIM card using your number. Once that happens, you no longer control access to your account.
That being said, the addition of two-factor authentication to the service is a net-good which brings it up to par with Google Meet in terms of security, at least on that front.
