Zoom works on security features, tweaks password requirements, rolls out one-time meeting IDs

In one of the 90-day-security plan progress report webinars, Zoom CEO Eric Yuan along with others addressed the changes brought about so far to strengthen Zoom’s security.

HIGHLIGHTS

• Zoom is taking steps to strengthen its security after criticism it faced for security policies.
• In one of Zoom’s blogs, the company stated that it has tweaked its password requirements, added the one-time meeting ID and changed desktop chat settings.
• In Zoom’s webinar, Ask Eric Anything, changes like new security icon, increased password complexity and changes to data center routing were brought about.

Video conferencing app Zoom has been the talk of the town since an unprecedented lockdown took over the lives of most employees. Even though there was a surge in the usage of Zoom in March, there were also questions raised for its flawed security policies. Companies like SpaceX, Google and Standard Chartered have prohibited their employees from using Zoom.


After facing considerable flak, the app has now brought in significant changes to make its security features better.

Zoom CEO, Eric Yuan, in a webinar hosted by him highlighted some of the key changes brought about in Zoom. The webinar was meant to give a progress report of the 90-day Security Plan chalked out by the team of Zoom.

Some of the changes highlighted in the ‘Ask Eric Anything’ webinar were:

New security icon: The security icon in the toolbar is designed to make it convenient for the hosts and the co-hosts. Through this security icon, they can access tools like locking meetings and enabling waiting rooms.

Zoom’s default settings: Meeting passwords and waiting rooms have been set by default on the platform. This will apply to users who use the most basic account, for single pro users.

Increased password complexity: Zoom has tweaked its password setting policy. The account owners and admins can now configure minimum meeting password requirements to include numbers, letters, and special characters, or allow only numeric passwords. The basic account users will have to use alphanumeric passwords by default instead of numeric passwords.

Changes to data center routing: The blog notes that the account admin will have the ability to choose if their data is routed through specific data center regions. This change is intended to give Zoom’s user “more control of their interactions with Zoom’s global network.”

This move comes after the app was criticised for there is no end-to-end encryption and routing of its traffic through China.

In one of its blogs, Zoom stated the changes the platform has brought about to strengthen its security features.

Meeting IDs and Cloud recordings: Zoom has brought about temporary one-time meeting passwords with a character limit of 11 for the ID instead of 9. Personal Meeting IDs are to remain the same.

Password protected cloud recordings: Zoom has turned on password protection for all its cloud recordings. This, again comes with increased password complexity. However, Zoom noted that the existing recordings will not be affected.

Chat settings for desktop: A zoom user can now hide message preview for desktop chat notifications. Once the user turns it off, he will get notified if he gets a new message.

Zoom further said that it has fixed issues related to missing data and delays on its dashboard.

Earlier this month, Zoom hired Alex Stamos, Facebook’s former chief security advisor. He cleared doubts about whether Zoom’s credentials were being made available for sale on the dark web.

Stamos said that it was an issue faced by most companies like Yahoo, Facebook, and Amazon. He explained that these credentials were stolen from elsewhere by people who had malware installed on their systems.

“We have also hired multiple intelligence firms to find these password dumps and the tools used to create them, as well as a firm that has shut down websites attempting to trick users into downloading malware or giving up their credentials,” Stamos said.

Moreover, Zoom’s bug bounty program rewards users and security researchers for identifying bugs within a company’s product.