Hardware tokens for Zoom Two-Factor Authentication
Two-factor authentication (2FA) is a two-step sign-in process that requires a one-time code from a mobile app or text message, in addition to the main Zoom sign-in. This provides an additional layer of security since users will need access to their phone to sign in to the Zoom web portal, desktop client, mobile app, or Zoom Room. In this article, we will show how our programmable tokens can be used to protect your Zoom account.
- A Zoom account (free or paid). Important: if you are using social login feature (i.e. login using Google or Facebook account), 2FA feature may not be available
- A Token2 programmable token (the guide below shows C301-i as an example)
- An iPhone 7 or newer or Android device with NFC — this is needed for the enrollment only, subsequent logins will only require the hardware token. Windows app is also available but requires an NFC writer device.
Setting up 2FA
If your Zoom admin has enabled two-factor authentication (2FA) for you, you need to set up 2FA when you sign in to the Zoom portal. If 2FA option is not available, ask your admin to enable it. More information is available here.
- Sign in to the Zoom web portal after your admin has enabled 2FA or click on ‘Turn on’ in the Two-factor Authentication section of your profile page (for personal accounts). Zoom will ask for your password before proceeding.
- Select Authentication App as your authentication method by clicking on ‘Set up’ link next to it. Zoom will ask for your password before proceeding.
- On the next step, Zoom will show a QR code
- Keep the QR code shown on the screen and continue with NFC burner as described below
- Open the NFC burner app on your device
- Tap the option to scan a QR code. Look for a QR code icon on the burner app. See below an example for our Android app:
- Turn on the hardware token and touch it with your phone (if Android device is used make sure it is overlapped by the NFC antenna, with iPhone 7 and newer, just bring it close to the top of the phone) and click “Connect” on the app
- Upon successful connection, click the “Burn seed” button. If NFC link is established and the code is correctly scanned, you should see a status window showing “Burning…” and eventually (in a second or two), “burn seed successful..” message in the log window
- After completing the burning process, turn the token display off and turn it on again
- On Zoom 2FA page, click Next.
- Enter the 6-digit code generated by the hardware token, then click Verify
- Zoom will display a list of recovery codes. If you lose your mobile device, you can use a recovery code instead of a generated 6-digit code to sign in.
- Click Download or Print to store the recovery codes. Each recovery code can only be used once.
- Click Done.