Here’s My Zoom Security Checklist

A senior video chats on a laptop computer on his living room sofa
Photo by Roman Samborskyi / Shutterstock.com

Zoom is the hit software product of the coronavirus pandemic, and it’s easy to see why. We all need to connect right now, and Zoom is really easy to use.

That’s also the problem.

Whenever a technology is easy to use, it’s often easy to exploit. And Zoom is finding that out the hard way.

If you haven’t heard the word “Zoom-bombing” by now, you will. Creeps barge into video meetings uninvited and do awful things, largely because Zoom makes it so easy to set up and join meetings. Teachers are finding unwanted digital visitors show up posting porn in front of students; a virtual meeting of black women was interrupted by an invader screaming racist slurs. It’s awful.

Meanwhile, the firm has made some major missteps on its own. It was sharing users’ information with Facebook without their knowledge; it was matching anonymized users with their LinkedIn profiles; it has a spooky “attention monitoring” feature for bosses. (A list of even more horribles is here.)

Zoom is providing a lifeline for millions of people right now, many of them students using the service for free, so I don’t think we should be too hard on it. I also don’t think you should avoid it because of all these missteps. But you should proceed with care when using Zoom, and I’ll give you my advice in a moment.

But first I want to explain the problem a bit. Zoom usage is … zooming. CEO Eric Yuan said in a blog post this week that his company never expected to suddenly be the world’s platform for communicating, and a flood of new consumer use cases have exposed the service’s flaws. How big is that flood?

“As of the end of December last year, the maximum number of daily meeting participants, both free and paid, conducted on Zoom was approximately 10 million. In March this year, we reached more than 200 million daily meeting participants, both free and paid,” he wrote.

Here’s why that matters to you: Yuan has admirably said he’s stopped all feature development for 90 days and is putting all his resources into fixing security and privacy issues. That’s good, but so far, it hasn’t worked. Moving forward, I’d be very skeptical of Zoom’s claims while it deals with the sudden usage crunch and criticism.

In other words, don’t plan on Zoom taking care of your safety. Do it yourself, by checking many settings manually.

For example, Zoom has claimed publicly (here, to security journalist Brian Krebs, and here, in an FBI warning) that meetings are password-protected by default — meaning only users with the password can enter. That defies my personal experience, and empirical evidence. My inbox is littered right now with meeting invitations, not a one requiring a password. And my own meetings, which I hosted, didn’t require a password until I manually set that option.

That matters because, without a password, it’s not all that hard to barge into open Zoom meetings. All you need is a meeting ID, which is usually a nine-digit number.

These can be guessed, or someone could just stumble around looking for random open meetings. Zoom says it stops would-be bombers from brute-forcing their way into meetings by guessing a series of numbers in sequential order, but researchers say they’ve defeated this measure. Krebs talked to a researcher who created a tool that went looking for open Zoom meetings and found 14% of all meetings right now were not password-protected.

When I reviewed Zoom’s password settings, I found the options very confusing.

Ultimately, there is a single setting that meeting hosts can toggle which requires passwords on all new meetings — it’s under Settings, then “Require a password when scheduling new meetings.”

But there are several other places where users can toggle security settings. A host can simply require that users authenticate by logging into Zoom, rather than require a password. A host can require a password for only a single meeting. Hosts can require passwords only for users who dial in. Teachers can set a password for a virtual classroom. Meanwhile, a host can limit a meeting to a preselected list of members with certain email addresses.

All these options might make an IT manager at a large company happy. But it strikes me that Zoom doesn’t have a unified vision for authentication of participants, just a bunch of features.

For newbies, this is a disaster. Zoom is begging for misuse by teachers who are trying to make 25 excited kids sit still long enough to share the stories they wrote that day. Don’t forget, everyone who hosts a Zoom meeting right now is also performing tech support, and dealing with panicked Facebook messages and emails from participants who can’t get into the meeting for some reason. That’s also a recipe for relaxing all controls, making things easier for Zoom-bombers.

So, here’s my quick-and-dirty advice for using Zoom in schools, or anywhere:

1. Know where the eject button is at all times

Just presume something bad might happen. A stranger could get into your Zoom, or a kid might show something inappropriate. And be ready. You have many options, from most drastic to least:

  • “X” the room. Close Zoom immediately. It’s brutal but it will end the problem. People can rejoin, it’s not the end of the world.
  • Make the user leave. Hosts can boot individual users by selecting “Remove” from the menu pictured below, which is reached by clicking the three dots next to the attendee’s image. (People you remove cannot get back into the meeting). Hosts can also mute users or turn off their video at any time by selecting “Stop Video” from the menu below. It’s also possible to mute all participants from the participants panel on the right.
  • Use the “attendee-on-hold” option to put users in timeout for a short while, a bit less dramatic than “remove.” That feature must be toggled on from the administrative options menu.
Screenshot of settings on a Zoom conference
Bob Sullivan / Money Talks News

2. Use Gallery View

It’s easier to see what everyone is doing in “Gallery View” rather than Speaker View, so use that option.

Screenshot of a Zoom conference thumbnail of participant
Bob Sullivan / Money Talks News

3. Don’t start early

Class shouldn’t begin without the teacher in the room. Disable “Allow participants to join the meeting before the host arrives.”

Screenshot of a Zoom conference join before host setting
Bob Sullivan / Money Talks News

4. Use the “Waiting room” option

Enabling the “Waiting room” option lets you control who enters the meeting. Participants can be added one by one or as a group.

Screenshot of waiting room settings for a Zoom conference
Bob Sullivan / Money Talks News

5. Lock the door

Once all participants are logged in, the host can choose “Lock Meeting” to keep anyone else from joining. This sounds like a good idea, but if you have laggards, or someone drops out of the meeting because of an internet hiccup, it can be a pain. So use with care.

While we are in this lower-right-hand corner of Zoom, it’s not a bad idea to mute participants upon entering, either.

Screenshot of a Zoom conference
Bob Sullivan / Money Talks News

6. Limit or ban screen sharing

The Zoom feature causing the most trouble so far has been prank, disgusting screen sharing. Zoom says it now turns off screen sharing by default for anyone other than hosts. Double-check that.

Here are elaborate steps for turning screen sharing on and off from Zoom, but fooling with that setting sounds like trouble to me.

Screenshot of who can share a Zoom conference meeting
Bob Sullivan / Money Talks News

7. Require passwords, but manage them

Zoom allows you to email a link with the password attached to the URL (see below). That means anyone with the link can enter the room. That makes them less safe, but it’s a trade-off. It’s still safer than no-password meetings — random guessers can’t crash in. And requiring people to manually enter passwords might cause more headaches for hosts. (What’s the password?) This is where Zoom’s security paradigm could use more work.

Screenshot of options to require a password
Bob Sullivan / Money Talks News

So you know: This is what a Zoom meeting invite link looks like without an attached password:

https://us04web.zoom.us/j/3043XXXX1

And this is what a link looks like with an attached password:

https://us04web.zoom.us/j/3043XXXX1?pwd=V2x2VmxJZUFDXXXXXXXXWTIxSWJkQT09

8. Never post a Zoom meeting ID publicly

Don’t share a Zoom meeting idea in a public place, such as on social media. Discourage members from forwarding emails with meeting IDs, though that’s obviously tough to stop.

9. Never use your Personal Meeting ID for meetings

Your Personal Meeting ID is a static number, like a constantly running meeting, and it’ll be easy for hackers to exploit. I don’t know why this is a feature. Let Zoom generate unique IDs for meetings.

Screenshot of the personal meeting ID settings
Bob Sullivan / Money Talks News

10. Stop the note-passing

Hosts, especially teachers, can disable chat between participants. That’s probably a good idea in some situations.

Group chat options are a little tricky to find, too. You get to them by expanding the chat menu.

Screenshot of a Zoom conference
Bob Sullivan / Money Talks News

Zoom offers a lot more teacher-specific instructions on this page, but be warned: It’s not perfect. The link for “password-protect the classroom” when I visited was broken.

More from Bob Sullivan:

Disclosure: The information you read here is always objective. However, we sometimes receive compensation when you click links within our stories.

Read Next
The Worst Nursing Homes in America Are Revealed
The Worst Nursing Homes in America Are Revealed

The nursing homes with a history of providing subpar care previously hadn’t been identified for a government list.

8 Surefire Ways to Get Rid of Debt ASAP
8 Surefire Ways to Get Rid of Debt ASAP

Here’s how to painlessly speed up your debt-reduction efforts.

13 Small Gadgets Under $20 That Make Life Better
13 Small Gadgets Under $20 That Make Life Better

These inexpensive electronics will make your day-to-day life a little easier — and happier.

Marooned at Home? Earn Some Cash Playing on Your Computer
Marooned at Home? Earn Some Cash Playing on Your Computer

Earn cash by reading emails, taking surveys, playing games, shopping and signing up for offers through this website.

5 Ways Your Phone Can Slash Grocery Costs
5 Ways Your Phone Can Slash Grocery Costs

These free apps and websites can help you get cash back on groceries, shop more efficiently or squeeze the most from the ingredients you have on hand.

View this page without ads

Help us produce more money-saving articles and videos by subscribing to a membership.

Get Started

Most Popular
9 Things You’ll Never See at Costco Again
9 Things You’ll Never See at Costco Again

The warehouse store offers an enormous selection, but these products aren’t coming back.

11 Things Retirees Should Always Buy at Costco
11 Things Retirees Should Always Buy at Costco

This leader in bulk shopping is a great place to find discounts in the fixed-income years.

Over 50? The CDC Says You Need These 4 Vaccines
Over 50? The CDC Says You Need These 4 Vaccines

Fall is the time to schedule vaccines that can keep you healthy — and even save your life.

Why Cloth Masks May Increase Your Coronavirus Risk
Why Cloth Masks May Increase Your Coronavirus Risk

A new study finds that wearing a cloth mask can backfire if you don’t clean it properly.

11 Household Items That Go Bad — or Become Dangerous
11 Household Items That Go Bad — or Become Dangerous

When you get the impulse to stockpile these everyday items, pay close attention to their expiration dates.

8 Things You Can Get for Free at Pharmacies
8 Things You Can Get for Free at Pharmacies

In this age of higher-priced drugs and complex health care systems, a trip to the pharmacy can spark worry. Freebies sure do help.

7 Ways to Boost Your Credit Score Fast
7 Ways to Boost Your Credit Score Fast

Your financial security might soon depend upon the strength of your credit score.

These Are the 4 Best Medicare Advantage Plans for 2020
These Are the 4 Best Medicare Advantage Plans for 2020

Medicare Advantage customers themselves rate these plans highest.

The 15 Worst States for Retirees in 2020
The 15 Worst States for Retirees in 2020

Based on dozens of metrics tied to affordability, quality of life and health care, these are not ideal places to spend retirement.

The 10 Most Commonly Stolen Vehicles in America
The 10 Most Commonly Stolen Vehicles in America

A new model parks atop the list of vehicles that thieves love to pilfer.

This Is the Cheapest Place to Buy a Used Car
This Is the Cheapest Place to Buy a Used Car

Looking for a good deal on a set of wheels? This should be your first stop.

19 High-Paying Jobs You Can Get With a 2-Year Degree
19 High-Paying Jobs You Can Get With a 2-Year Degree

These jobs pay more than the typical job in the U.S. — and no bachelor’s degree is required.

5 Ways to Get Amazon Prime for Free
5 Ways to Get Amazon Prime for Free

Hesitant to drop $119 a year on an Amazon Prime membership? Here’s how to get it for free.

5 Keys to Making Your Car Last for 200,000 Miles
5 Keys to Making Your Car Last for 200,000 Miles

Pushing your car to 200,000 miles — and beyond — can save you piles of cash. Here’s how to get there.

26 States That Do Not Tax Social Security Income
26 States That Do Not Tax Social Security Income

These states won’t tax any of your Social Security income — and in some cases, other types of retirement income.

10 Reasons Why You Should Actually Retire at 62
10 Reasons Why You Should Actually Retire at 62

If you can, here are several good reasons to retire earlier than we’re told to.

3 Ways to Get Microsoft Office for Free
3 Ways to Get Microsoft Office for Free

With a little ingenuity, you can cut Office costs to zero.

7 Surprising Features That Boost Your Home Value
7 Surprising Features That Boost Your Home Value

You can add value to your home without hiring a contractor to do expensive renovations.

5 Things That Make Life More Meaningful for Retirees
5 Things That Make Life More Meaningful for Retirees

Retirees agree: These are the things that give them purpose and fulfillment in their golden years.

View More Articles

View this page without ads

Help us produce more money-saving articles and videos by subscribing to a membership.

Get Started

Add a Comment

Our Policy: We welcome relevant and respectful comments in order to foster healthy and informative discussions. All other comments may be removed. Comments with links are automatically held for moderation.