Friday, February 28, 2025
HomeCyber Security NewsZoom Adds Two-factor Authentication Available for all Users

Zoom Adds Two-factor Authentication Available for all Users

Published on

SIEM as a Service

Follow Us on Google News

Zoom announced Two-Factor Authentication (2FA) for all users that let admins and organizations prevent security breaches & data thefts.

The two factor authentication (2fa) brings an additional security layer to the authentication process, blocking attackers from taking control of meetings by guessing the password or using compromised credentials.

“With Zoom’s 2FA, users have the option to use authentication apps that support Time-Based One-Time Password (TOTP) protocol (such as Google Authenticator, Microsoft Authenticator, and FreeOTP), or have Zoom send a code via SMS or phone call, as the second factor of the account authentication process,” Zoom explained in an announcement published today.

How to Enable Zoom’s 2FA

Zoom offers a range of authentication methods such as SAML, OAuth, and/or password-based authentication, which can be individually enabled or disabled for an account.

Zoom Two-factor Authentication

To enable Zoom’s 2FA at the account-level for password-based authentication, account admins should take the following steps:

  • Sign in to the Zoom Dashboard
  • In the navigation menu, click Advanced, then Security.
  • Make sure the Sign in with Two-Factor Authentication option is enabled.
  • Select one of these options to enable 2FA for:
  • All users in your account: Enable 2FA for all users in the account.
  • Users with specific roles: Enable 2FA for roles with the specified roles. Click Select specified roles, choose the roles, then click OK.
  • Users belonging to specific groups: Enable 2FA for users that are in the specified groups. Click the pencil icon, choose the groups, then click OK.
  • Click ‘Save’ to confirm your 2FA settings.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity, and hacking news updates.

Also Read

A New Zoom URL Flaw Let Hackers Mimic Organization’s Invitation Link

Zoom 0day Vulnerability Let Remote Attacker to Execute Arbitrary Code on Victim’s Computer

New Zoom Flaw Let Attackers to Hack into the Systems of Participants via Chat Messages

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Lotus Blossom Hacker Group Uses Dropbox, Twitter, and Zimbra for C2 Communications

The Lotus Blossom hacker group, also known as Spring Dragon, Billbug, or Thrip, has...

Squidoor: Multi-Vector Malware Exploiting Outlook API, DNS & ICMP Tunneling for C2

A newly identified malware, dubbed "Squidoor," has emerged as a sophisticated threat targeting government,...

Unpatched Vulnerabilities Attract Cybercriminals as EDR Visibility Remains Limited

Cyber adversaries have evolved into highly organized and professional entities, mirroring the operational efficiency...

Threat Actors Attack Job Seekers of Fortune 500 Companies to Steal Personal Details

In Q3 2024, Cofense Intelligence uncovered a targeted spear-phishing campaign aimed at employees working...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Lotus Blossom Hacker Group Uses Dropbox, Twitter, and Zimbra for C2 Communications

The Lotus Blossom hacker group, also known as Spring Dragon, Billbug, or Thrip, has...

Squidoor: Multi-Vector Malware Exploiting Outlook API, DNS & ICMP Tunneling for C2

A newly identified malware, dubbed "Squidoor," has emerged as a sophisticated threat targeting government,...

Unpatched Vulnerabilities Attract Cybercriminals as EDR Visibility Remains Limited

Cyber adversaries have evolved into highly organized and professional entities, mirroring the operational efficiency...