Free video conferencing app Zoom announced its first feature change to improve security and privacy: passwords by default.
The announcement comes after the company said it would halt development on new features for 90 days to devote all its resources to fixing the numerous security and privacy flaws plaguing the app.
For those who haven’t followed the Zoom saga, the video conferencing service grew massively in popularity over the last few months — from an average 10 million daily users to 200 million daily users — thanks to the COVID-19 pandemic and the increase in remote work and physical distancing measures. However, with that popularity Zoom also became a target. Over the last week, reports have detailed several vulnerabilities with Zoom, a flaw that leaked email addresses and something called ‘Zoombombing.’
Zoom’s plan to add passwords by default for all meetings should help prevent that latter issue. Previously, people were able to join publicly available Zoom meetings through links traded online. While that feature was intended to make joining meetings a seamless experience, it also enabled the Zoombombing mischief that has run rampant on the platform. Specifically, Zoombombing is when someone joins a public Zoom meeting and takes advantage of the screen sharing tool to take over the meeting. Often, Zoombombers share graphic content like pornography.
While Zoom users could mitigate Zoombombings by adjusting the default settings so that only specific meeting participants can share their screen, the addition of passwords to all meeting rooms should help. Zoom already turned on passwords by default for new meetings, instant meetings and meetings joined through a ‘meeting ID.’ Starting April 5th, it will turn on passwords for previously scheduled Zoom meetings too.
Zoom’s waiting rooms feature will help cut down on unwanted participants
Ultimately, the process of joining a meeting shouldn’t change for most users. Zoom notes on its support page that attendees who join through meeting invites or calendar events will not have to use a password. Instead, the changes apply to people who try to join manually through a meeting ID.
Along with the new password protections, Zoom will enable waiting rooms by default for all meetings. That means when meeting participants join a call, they’ll have to wait in a “waiting room,” a virtual buffer between participants and the call. From there, meeting hosts can grant some or all in the waiting room access to the meeting.
Zoom released the above YouTube video detailing the changes and how they work. You can also read up on the changes on Zoom’s support website.
The Verge notes that the changes could also help fix another security issue plaguing Zoom. Security researchers recently developed a tool that could scan and identify 100 non-password-protected Zoom meeting IDs in an hour. Plus, the tool could scrape information about those meetings. It’s possible the new password-by-default approach could protect users against similar scanning tools.