[ad_1]
Unified communications and collaboration platform Zoom has rolled out another round of cybersecurity enhancements, adding two-factor authentication (2FA) across its platform, requiring users to present two or more credentials to join a meeting.
This is the latest in a series of long-lasting enhancements Zoom has made in response to a number of concerns around the security of its service, the use of which skyrocketed during the lockdown and has remained popular as millions of people continue to work remotely during the ongoing Covid-19 pandemic.
Zoom said that adding 2FA to its platform offered users a secure way to validate their identities and protect against incidents, providing a number of benefits such as reduced risk of identity theft and security breaches by preventing malicious actors from accessing accounts. legitimate, better data compliance. protection regulations, reduced costs by eliminating the need for expensive single sign-on (SSO) technology, and easier credential management.
Users will have the option of using authentication apps that support time-based one-time password protocols (TOTP), for example Google Authenticator, Microsoft Authenticator, or FreeOTP, or have Zoom send a code via SMS or phone call, the firm said in a blog post announcing the changes.
Niamh Muldoon, senior director of trust and security at identity and access management specialist OneLogin, said the addition of 2FA was completely necessary given the increase in use of Zoom and the high-profile stories of so-called zoom bombardments that occurred.
“However, security is a two-way street; for this to be effective, users will have to enable the use of 2FA, ”he said.
Administrators can enable 2FA in Zoom at the account level by logging into their Zoom dashboard, navigating to security settings, and enabling 2FA for all users or for specific users by role or grouping. More details can be found online.
However, Muldoon noted that the increasing sophistication of phishing threats was leading many to conclude that 2FA is not necessarily 100% effective.
“Zoom should introduce more modern forms of 2FA like WebAuthn, which leverages device-based encryption to prevent even advanced malware and man-in-the-middle phishing attacks,” he said.
“WebAuthn is popular with users because it does not require a password and allows them to use biometric sensors such as fingerprint scanning and facial recognition that they already use to unlock their phones.”
He added that while MFA was essential, leaders in the field are now also turning to artificial intelligence and risk management techniques to improve authentication in situations where risk could increase, as if users had changed their device, location or application usage profiles.
