I’m a therapist and have become concerned that someone might hack into my Zoom account and use it to find out the identity of my clients. That would be a disaster! What’s the best way to secure my Zoom account to keep things confidential?
You’re right to be concerned about the security of your Zoom account. Privacy is important, but if you’re a therapist or medical professional, then not only do you have an ethical obligation to keep your patients and clients safe but a legal requirement too. Nonetheless, there are some ways you can ensure that your Zoom experience is safe and secure. Not only that, but Zoom just added an important additional safety step for people who really want to ensure that their Zoom accounts are really hard to hack into: two-factor authentication.
But let’s start with the basics. And this bit of advice is for every service you use online: Use a good password. I’m still dismayed by how many people have easy-to-type and therefore also easy-to-guess passwords like “asdfasdf” or “1234567890” or their own name or their pet’s name. Those passwords stink and hackers have sophisticated tools nowadays that make even a word out of the dictionary trivially easy to guess. Make sure that your passwords are at least ten characters long, add a digit or two, some punctuation and upper and lowercase and you’re well on the way to better security. Then use a reliable password manager like 1Password or LastPass. Bonus: They can offer excellent random passwords and store them for later reuse. For example, here’s one I just generated: Ep7Um.ieUjhhmF
A second smart step is to only log in to Zoom on devices you can keep secure. It’s probably a bad idea to use the same smartphone for Zoom client calls that you take with you to the local park or a protest march at the state capital: If you lose your phone, that’s no bueno!
Which brings us to two-factor authentication. I’m a huge fan of this approach to security because it requires that you both have knowledge of your account and password and have your phone handy at login too. You log in as usual, but then Zoom sends a secret six-digit code to your phone and you are required to enter that too before you gain access to the account. That means that even if someone obtains your password they can’t log in to your account. Useful!
Definitely recommended for everyone on every service that supports 2FA, as 2-factor authentication is often called. To enable it on your Zoom account you can’t use the Zoom app, you need to log in to Zoom.us directly from a Web browser. Log in and it’ll look like this once you click on the “Profile” link on the left side:
Well, you shouldn’t have my face showing up, but otherwise, that’s the basics. 🙂
Scroll down until you get to the security section and you’ll find these options:
Two-factor Authentication. That’s the ticket! Click on “Turn on” adjacent and it’ll prompt you to enter your password again (you most assuredly do not want someone else turning on 2FA for your account with their phone!):
Now there are two options for 2FA with Zoom: You can sign up to use an authenticator app or you can sign up with your own mobile number:
A lot of people like authenticator apps because you don’t need to be online to use them. Then again, if you’re offline, why are you logging in to Zoom (and how are you logging in to Zoom) anyway? Still, if you prefer that approach, set up with the Authentication App option. Me? I prefer good old text messages on my phone, so SMS (simple message service, if you’re curious) is my choice. A click on “Set Up” again prompts me for a password, then shows me:
You’ll want to pick your country code (tip: start typing in the name of your country into that pull-down menu to jump to the right spot) then type in your cellphone number. You’ll want your phone by your side but you probably already have it within arm’s reach, right?
Once your phone number is entered, click on “Send Code” and it’ll send a six-digit sequence to your phone while displaying this:
Since they change every time, I can tell you that for this signup, my secret authentication code was 193401. If you enter that code, however, it won’t work because the underlying concept is that this is a constantly changing sequence and the code sent to you only works for a few minutes.
Once that’s set up, I highly encourage you to save or print out your single-use recovery codes just in case you were to lose your phone or otherwise were in a situation one day where you couldn’t receive text messages. In a crisis, these six-digit codes can work instead:
For what are hopefully obvious reasons, I’ve opted to blur mine out but the basic format is 193-401. Each only works once too so if you do find yourself in a situation where you need to use a recovery code, your first step is probably to go and disable 2FA until you can set it up safely again.
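To make the two rules above concrete (a texted code only works for a few minutes, and each recovery code only works once), here is an added sketch of how a service could enforce them. It is not from the original article and is not Zoom's implementation; the class name, the five-minute lifetime and the count of ten recovery codes are assumptions.

```python
import hashlib
import hmac
import secrets

CODE_LIFETIME = 300  # seconds; the article says "a few minutes", exact value assumed


def _digest(code: str) -> bytes:
    # Store only a hash so the codes themselves are not kept in the clear.
    return hashlib.sha256(code.encode()).digest()


class SecondFactor:
    """Hypothetical server-side state for one account's second factor."""

    def __init__(self):
        self.pending = None    # (digest, expires_at) of the last texted code
        self.recovery = set()  # digests of unused recovery codes

    def send_code(self, now: int) -> str:
        code = f"{secrets.randbelow(10**6):06d}"  # six random digits
        self.pending = (_digest(code), now + CODE_LIFETIME)
        return code  # a real service would text this instead of returning it

    def issue_recovery_codes(self, count: int = 10) -> list:
        codes = set()
        while len(codes) < count:  # keep drawing until all codes are distinct
            n = f"{secrets.randbelow(10**6):06d}"
            codes.add(f"{n[:3]}-{n[3:]}")  # same 193-401 style format
        self.recovery = {_digest(c) for c in codes}
        return sorted(codes)

    def check(self, submitted: str, now: int) -> bool:
        d = _digest(submitted.strip())
        if self.pending is not None:
            digest, expires_at = self.pending
            if now <= expires_at and hmac.compare_digest(d, digest):
                self.pending = None  # a texted code is consumed on use
                return True
        for stored in self.recovery:
            if hmac.compare_digest(d, stored):
                self.recovery.remove(stored)  # a recovery code works only once
                return True
        return False
```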
Once you click “Done” you can access these recovery codes again, if necessary, but otherwise, you’re done. You’ll even get an email from Zoom informing you that two-factor authentication is now enabled on your account:
What’s the experience like now? Not much different. You’ll log in to Zoom with your account and password:
Once you’ve got past this point, however, you’ll now be challenged to enter that second factor authentication code too:
Once you have that sent to you and enter it, you’re in and Zoom will work exactly as it always has. Well done!
Pro Tip: I’ve been writing about Zoom and video conferencing systems for years. Please do check out my growing Zoom help area for lots more useful tutorials while you’re visiting. Thanks!
Thank you, Dave, it was a snap to set up 2FA on Zoom with your instructions.