clock menu more-arrow no yes

Filed under:

Zoom adds new security and privacy measures to prevent Zoombombing

New, 12 comments

Passwords and waiting rooms will be turned on by default

Zoom Video Communications Headquarters Photo by Smith Collection/Gado/Getty Images

Zoom will soon turn on passwords and waiting rooms for meetings by default for users on its free tier and those with a single license on its cheapest paid tier in an effort to help prevent “Zoombombing,” or the recent trend of people disrupting Zoom meetings uninvited and sharing shocking or even pornographic content. The new defaults will add real friction to the process of joining a meeting — a process that Zoom had previously made as frictionless as possible to help spur its growth. The changes will take effect starting April 5th.

Zoom passwords were already turned on by default for new meetings, instant meetings, and meetings you joined with a meeting ID — what’s new starting April 5th is that they’ll be turned on for previously scheduled Zoom meetings as well. And once you’ve joined a meeting, you’ll have to wait for the host to let you in from the new virtual waiting room. The host of the meeting can choose to let people in individually from the waiting room or all at once.

You can see the new changes in this video from Zoom:

“We’re always striving to deliver our users a secure virtual meeting environment,” Zoom said in a statement to The Verge. “Effective April 5, we are enabling passwords and ​virtual waiting rooms by default ​for our Free Basic and Single Pro users. We strongly encourage all users to implement passwords for all of their meetings.”

Zoom usage has skyrocketed during the COVID-19 pandemic as people have turned to the free video conferencing service to stay in contact with friends, family, colleagues, and even their yoga teachers. But that increased usage has also made the platform a target for hacks, pranks, and harassment, often through Zoombombing. The issue has become serious enough that federal prosecutors are now warning there could be serious legal implications for Zoombombing perpetrators.

The service’s new default protections may also address other security issues with the platform. Yesterday, it came to light that some security researchers had developed an automated tool that is able to identify 100 non-password-protected Zoom meeting IDs in an hour and scrape information about those meetings — perhaps Zoom’s new passwords-by-default policy could prevent similar scanning tools from finding meeting IDs and private information in the future.

Yesterday, Zoom announced a 90-day freeze on releasing new features so it can focus on fixing privacy and security issues with the platform.

Correction: The new defaults only apply to users on Zoom’s Basic tier and users with a single license on its Pro tier. We originally stated that the new defaults apply to all users. We regret the error. We’ve also added a statement from Zoom sent after the original publication of this article.