Students will experience new Zoom security measures in next semester’s online classes.
Duke’s Office of Information Technology announced in September that following the end of fall semester, Zoom will require that all meetings have either a passcode or waiting room enabled. A waiting room will automatically be added if no password has been set.
“The security for passcodes and waiting rooms has been available in Zoom for quite some time, but it’s been a setting controlled by the Zoom account holder,” said Richard Biever, chief information security officer and director of identity management. “Unfortunately, this means that if someone created a Zoom session without a waiting room or passcode, and shared it publicly, it could be at risk for so-called Zoombombings.”
Zoom calls at the University have previously fallen victim to “Zoombombings.” Now with this update, it will no longer be left up to the host to decide whether or not they want a passcode or waiting room.
“We think that this is a good approach because classes, meetings, conferences, webinars, dissertation defenses and other activities are highly dependent on having secure, uninterrupted Zoom sessions,” Biever said.
The mandatory security update was originally scheduled for Sept. 27. However, one week after the update was announced, OIT sent a follow-up email to all Duke Zoom users stating that the planned security changes would instead be implemented after the end of the fall semester.
“Zoom has responded to the appeals of Duke and the higher education community that implementing a broad sweeping change during the middle of a semester would be disruptive,” the email read. “The new security measures for Zoom will be implemented after the end of the Fall semester.”
First-year Spandan Goel has had all her classes online on Zoom this semester.
“I join Zoom meetings pretty much everyday,” Goel said. “Not just for classes, but also club meetings. Because it’s a major platform that I and others use, I would want Zooms to be secure so that I can trust it and so that I feel comfortable taking all my meetings and classes online.”
Despite valuing the additional security, Goel also expressed that the postponement of the update was a good decision.
“I agree that changing things mid-semester would be a bit abrupt,” she said. “I think it’s a good idea that they’re pushing it out because having to switch all our learning to Zoom itself was a big adjustment. I think if they are making big security updates, they should wait until the end of the semester so we can get used to that.”
In the meantime, the OIT has provided a list of ways to take actions to further secure meetings, ranging from muting participants to restricting chats, locking meetings, removing participants and controlling annotation.
Get The Chronicle straight to your inbox
Signup for our editorially curated, weekly newsletter. Cancel at any time.
“Overall, we have been very pleased with Zoom’s approach to securing and safeguarding the application,” Biever said. “The changes represent a step in the right direction to further protect Zoom sessions from being hijacked or ‘bombed,’ requiring a passcode or waiting room rather than having it as an option set by the meeting organizer.”