Serg Nvns - Fotolia
Zoom has made two-factor authentication an option within its video conferencing service. The feature is the latest step in the video conferencing company's efforts to have security competitive with rivals Cisco and Microsoft.
The feature, launched this week, demonstrates Zoom's commitment to building into the service security on par with its most significant competitors, Cisco Webex and Microsoft Teams, analysts said. Both products offer two-factor authentication.
"This is a step to stay competitive with the larger collaboration tools," said Futurum analyst Daniel Newman. "It's a smart, simple way to protect, and it's also cost-effective."
Two-factor authentication is a process in which people have to sign in with a second form of authentication, such as a smart card, fingerprint reader or a PIN sent to a mobile phone. Zoom is providing the option of using a time-based one-time password or a PIN sent via text or a phone call. The process would be part of signing into the desktop version of Zoom. The feature is already available in the web version.
Corporate administrators can opt for requiring all employees to use the second layer of security. Zoom is also making the feature available to individual users.
Michael Brandenburg, an analyst at Frost and Sullivan, said two-factor authentication helps prevent common cyberattacks. These include malicious actors obtaining credentials to impersonate employees during meetings to steal proprietary information.
Adding a physical device to the authentication process is especially effective, Newman said. "Two-factor forces the user to have control of the physical device, which tends to be a stopping point," he said.
During the company's recent earnings call, Zoom CEO Eric Yuan said security remained a top priority. Experts have criticized the company for lacking corporate-level security features.
However, security is only as strong as the users who implement it, Brandenburg said. Zoom has been offering passwords for meetings for a while. Still, Zoom didn't require users to implement them, so bad actors hijacked sessions.