The video communication app Zoom has become very popular during the COVID-19 outbreak. However, the app has a number of insecurities — here’s how to make it more secure:
- When using Zoom, create a meeting password and share password only via email (not via social media) — ideally, the password should be changed weekly
- Get a trusted participant to co-host (it’s under “Manage Participants” in the meeting controls) — that trusted person can manage users while the host concentrates on managing the meeting
- Set “Screen sharing” to “Host Only”– unless you require it and you have strong control over who joins your meeting
- Set users to be muted on entry and don’t allow users to un-mute themselves
- Consider controlling chat — you may wish to allow participants to chat with the host only so that an intruder can’t broadcast messages
- Disable file sharing in chat unless strictly needed as this could be abused by an intruder
You can set a more relaxed policy if you control participants using these methods:
Enable The Waiting Room
You can enable the waiting room. The host or co-host must then allow participants in. This only works with small meetings where the host (or co-host) can recognize all the invited participants. This might be harder if any of the participants are missing a webcam. Once all attendees have arrived you can lock the meeting to prevent anyone else from entering.
Set New A Password For Every Meeting
Set a new password for every meeting and ensure the password or the direct join URL is distributed by secure means only to invited participants. Make sure all participants understand that they should not share the password.
Require Users To Authenticate
You can require participants to be authenticated to Zoom. Because anyone can create a Zoom account.
Another Option: Jitsi Meet
An alternative to Zoom is Jitsi Meet — this an open source video conferencing app.