Zoombombing Resources

What is Zoombombing?

Many University of Miami community members are working, teaching, and learning via the video conferencing platform Zoom. Zoombombing is a form of trolling in which a participant uses Zoom's screen sharing feature to interrupt and disrupt meetings and classes.

How to Report Zoombombing

Zoom takes abusive behavior on its platform seriously and wants to ensure your meetings are secure. If you need to report a Zoombombing incident, you can do so by:

  • Reporting a participant during a meeting
  • Reporting by email, by sending the following information to trust@zoom.us:
    • Meeting ID where the incident occurred
    • Email address of the user or room that hosted the meeting
    • Date, time, and timezone when this took place 
    • Type of violation and names of any participants you would like to report

How to Avoid Zoombombing

We advise faculty to link to Zoom lectures from within Blackboard, and we advise all UM community members to set a password to join meetings and/or enable the waiting room option. We also advise all UM community members to limit screen sharing to the host and disable annotation tools (see additional details below).

  • Set a Meeting Password

    Setting a strong password for your meeting can prevent unanticipated guests from joining. When scheduling a meeting, under Meeting Options, select Require meeting password, then specify a strong password (make your password at least eight characters long and use at least three of the following types of characters: lowercase letters, uppercase letters, numbers, symbols). Participants will be asked to enter this password in order to join your meeting.

  • Enable Waiting Room

    The waiting room feature allows the host to control when participants join your meeting. As the meeting host, you can admit attendees individually, or hold all attendees in the virtual waiting room and admit all when you are ready to begin. Admitting participants from the waiting room requires an additional step for the host, but provides increased control to only allow participants to join the meeting when you admit them. This feature can be enabled on a per-meeting basis when scheduling.

  • Disable Join Before Host

    If you are scheduling a meeting where sensitive information will be discussed and you do not want participants to start the meeting without you, it's best to disable join before host functionality. If you disable this functionality, participants will see a pop-up dialog that says, "Please wait for the host to start this meeting." If you are the host, there is a login button you can use to log in and start the meeting as the host. This feature can also be enabled or disabled on a per-meeting basis when scheduling.

  • Limit Screen Sharing to the Host

    This restriction can help prevent intrusive sharing and potential meeting disruptions. However, this may not be appropriate when multiple participants need to share and collaborate. To limit sharing privileges while in your meeting:

    • Click the up-arrow next to Share Screen.
    • Select Advanced Sharing Options.
    • Under Who can share, click Only Host.

  • Disable Annotation Tools for Participants

    Before the Meeting

    Change your personal settings to disable participant annotation for all future meetings.

    • Sign in to the University's Zoom portal at zoom.miami.edu.
    • Under My Account, go to Settings.
    • In the Meeting tab, navigate to In Meeting (Basic) and review the following security setting: Annotation.
    • To disable the Annotation setting, toggle it "off."

    During the Meeting

    To disable participant annotation while you are screen sharing, follow these steps:

    • In the Screen Share menu* at the top of your meeting screen, click the More (...) button.
      • *Note: You'll only see this menu while actively sharing your screen.
    • Select the Disable Annotation for Others option from the drop-down menu.

  • Remove a Participant

    If you are the host or co-host in a session and notice an unwanted guest has joined or a participant is disruptive to your session, you have the option to remove them. To remove a participant:

    • Click Manage Participants at the bottom of the Zoom window (if the Participants panel is not already visible).
    • Next to the person you want to remove, click More.
    • From the list that appears, click Remove.

  • Lock Your Meeting

    The Zoom Host Controls allow the host or co-host to lock the meeting once all anticipated participants have joined the meeting. When a meeting is locked, no one else can join the session, regardless of having a meeting password. To lock your meeting:

    • Click Manage Participants at the bottom of the Zoom window (if the Participants panel is not already visible).
    • At the bottom of the Participants panel, click More.
    • From the list that appears, click Lock Meeting.

  • Restrict a Meeting to UM Users Only

    By default, anyone with the join link or meeting ID can join a meeting hosted by users on your account, even if they are not signed into Zoom. To prevent unknown participants from joining the session, you have the option to restrict meeting participants to users who are signed into Zoom, or only to University of Miami (UM) authenticated users.

    To allow only UM users to join a Zoom meeting, you can (a) enable this setting for each meeting you schedule, or (b) enable it as a default setting for all meetings you create. Step-by-step details are listed below:

    Schedule a Zoom Meeting for Only UM Users:
    1. Open the Zoom desktop client, and select Schedule.
    2. Enter all of your Zoom meeting details. Then, at the bottom of the new meeting scheduler, select Advanced Options.
    3. Within the options menu, select Only authenticated users can join. From the drop-down menu, select All UM Users.
    4. To confirm and schedule your meeting, select Schedule.

    Set to Allow Only UM Users as Default:
    1. Access your online Zoom account by visiting zoom.miami.edu and logging in with your University of Miami CaneID and password. Once logged in, click My Account, then Settings.
    2. Within the Schedule Meeting settings sub-panel, enable Only authenticated users can join meetings.
    3. Next to All UM Users, select Edit. Within the editor, you can add additional .miami.edu domains (such as *.med.miami.edu or *.rsmas.miami.edu).
    4. Select Set as default authentication option by clicking the blue check mark box. Then, click Save to confirm.

  • Use the Latest Version of the Zoom Client

    Download the latest version of the Zoom client by visiting zoom.us/download. We recommend you regularly update your Zoom client or enable automatic updates to take advantage of all the latest security and functionality features.


Additional Zoom Security Resources

Below you'll find various security articles, brought to you by Zoom:

  • End-to-End Encryption Status

    Since releasing the draft design of Zoom's end-to-end encryption (E2EE) on May 22, 2020, we have engaged with civil liberties organizations, our CISO council, child safety advocates, encryption experts, government representatives, our own users, and others to gather their feedback on this feature. We have also explored new technologies to enable us to offer E2EE to all tiers of users.

    On June 17, 2020, Zoom released an updated E2EE design on GitHub. We are also pleased to share that we have identified a path forward that balances the legitimate right of all users to privacy and the safety of users on our platform. This will enable us to offer E2EE as an advanced add-on feature for all of our users around the globe—free and paid–while maintaining the ability to prevent and fight abuse on our platform.

    To make this possible, free/basic users seeking access to E2EE will participate in a one-time process that will prompt the user for additional pieces of information, such as verifying a phone number via a text message. Many leading companies perform similar steps on account creation to reduce the mass creation of abusive accounts. We are confident that by implementing risk-based authentication, in combination with our current mix of tools—including our Report a User function—we can continue to prevent and fight abuse.

    Additional Information
    • We began early beta of the E2EE feature in July 2020.
    • All Zoom users will continue to use AES 256 GCM transport encryption as the default encryption, one of the strongest encryption standards in use today.
    • E2EE will be an optional feature as it limits some meeting functionality, such as the ability to include traditional PSTN phone lines or SIP/H.323 hardware conference room systems. Hosts will toggle E2EE on or off on a per-meeting basis.
    • Account administrators can enable and disable E2EE at the account and group level.

    We are grateful to those who have provided their input on our E2EE design, both technical and philosophical. We encourage everyone to continue to share their views throughout this complex, ongoing process.

  • 5 Things to Know About Zoom 6.0.4

    We're excited to share that Zoom 6.0.4 is now generally available! This release delivers one of our most advanced security enhancements to date with support for AES 256-bit GCM encryption, which provides added protection for meeting data and greater resistance to tampering.

    So, what does this new encryption algorithm mean for you, and what other security functionality should users be aware of in this new release? Here are 5 things you should know about Zoom 6.0.4:

    1. AES 256-bit GCM Encryption

    Zoom 6.0.4 continues to support industry‑standard AES 256‑bit GCM encryption for all meetings and webinars. This encryption standard protects in‑transit data with stronger integrity and confidentiality controls. All Zoom Workplace clients must be on version 6.0 or later to join meetings using the latest encryption protocols.

    2. Updated “Report a User” Experience

    Hosts and co‑hosts can still report disruptive or abusive participants directly from the Security menu, but Zoom 6.0.4 improves this workflow with:

    • A clearer reporting interface
    • More detailed reporting categories
    • Streamlined submission to Zoom’s Trust & Safety team

    This feature remains enabled by default and can be managed at the account, group, or user level.

    3. Updated Encryption & Security Indicators

    Zoom 6.0.4 introduces the redesigned Zoom Workplace interface, including updated security icons:

    • The encryption shield remains visible in the upper‑left corner of the meeting window
    • The icon now aligns with the new Zoom Workplace visual style
    • Clicking the shield still opens the Statistics panel for encryption and connection details

    4. Data Center Transparency & Controls

    Zoom continues to provide granular visibility into data routing:

    • Hosts can select preferred data center regions when scheduling meetings or webinars
    • The in‑meeting Info panel shows which data center is currently in use
    • Additional connection details are available under Settings → Statistics

    These controls help organizations meet compliance and data‑sovereignty requirements.

    5. Improved Meeting Exit & Host Transfer Controls

    Zoom 6.0.4 refines the meeting‑ending workflow introduced in earlier versions:

    • A clearer distinction between Leave Meeting and End Meeting for All
    • A simplified interface for transferring host privileges
    • Better visual cues to ensure the correct participant receives host rights

    These updates reduce accidental meeting termination and improve meeting continuity.

    Additional Security Enhancements

    A few other recent Zoom security updates include:

    • Profile picture restrictions: Admins and hosts can continue to restrict profile picture visibility or prevent participants from changing their picture during a meeting.
    • Password & Authentication Controls: Zoom maintains a minimum password requirement for meetings, webinars, and cloud recordings, with additional authentication options available for enterprise accounts.
    • Cloud Recording Protections: Hosts and admins can set expiration dates for shared recordings, disable public sharing, and require authentication to view recordings. These controls help prevent unauthorized access to stored content.

    Updating to Zoom 6.0.4

    Upgrade to Zoom 6.0.4 by visiting the Zoom download page.

  • Zoom Product Updates: Strengthened Meeting Privacy and Interface Enhancements

    Here's a roundup of the main security changes to the Zoom platform:

    • Enhanced encryption indicators: Zoom has updated its in‑meeting encryption shield to align with the new Zoom Workplace interface. The icon clearly displays when AES 256‑bit GCM encryption is active, and clicking it provides quick access to detailed connection and encryption statistics.
    • Improved host and co‑host controls: Meeting hosts now have more granular control over participant permissions directly from the Security menu. This includes streamlined options for managing screen sharing, renaming, chat access, and participant privileges without navigating away from the meeting window.
    • Refined host transfer and meeting exit workflow: The process for leaving or ending a meeting has been redesigned to reduce confusion and prevent accidental meeting termination. Hosts can now more easily assign a new host before leaving, ensuring a smooth handoff and uninterrupted meeting flow.
    • Updated data center transparency: Participants can now view which Zoom data center their meeting is connected to through the in‑meeting Info panel. Hosts scheduling meetings can continue to select preferred data center regions to support compliance and data‑sovereignty requirements.
    • Expanded reporting tools: The Report a User feature has been enhanced with clearer categories and improved submission options. Hosts and co‑hosts can quickly report disruptive behavior, attach optional screenshots, and send details directly to Zoom’s Trust & Safety team for review.
    • Profile picture and identity controls: Admins and hosts have expanded options to restrict profile picture visibility and prevent participants from changing their picture during a meeting. These controls help maintain a consistent and professional meeting environment.

    For additional info on all recent Zoom platform updates, check out our Release Notes.

    To learn more about securing your Zoom meetings, check out our Privacy and Security webpage for additional information and resources.

  • Zoom Acquires Keybase and Announces Goal of Developing Encryption Enhancements

    We are proud to announce the acquisition of Keybase, another milestone in Zoom's 90-day plan to further strengthen the security of our video communications platform. Since its launch in 2014, Keybase's team of exceptional engineers has built a secure messaging and file-sharing service leveraging their deep encryption and security expertise. We are excited to integrate Keybase's team into the Zoom family to help us build end-to-end encryption that can reach current Zoom scalability.

    This acquisition marks a key step for Zoom as we attempt to accomplish the creation of a truly private video communications platform that can scale to hundreds of millions of participants, while also having the flexibility to support Zoom's wide variety of uses. Our goal is to provide the most privacy possible for every use case, while also balancing the needs of our users and our commitment to preventing harmful behavior on our platform. Keybase's experienced team will be a critical part of this mission.

    Zoom Encryption Today

    Today, audio and video content flowing between Zoom clients (e.g., Zoom Rooms, laptop computers, and smartphones running the Zoom app) is encrypted at each sending client device. It is not decrypted until it reaches the recipients' devices. With the recent Zoom 5.0 release, Zoom clients now support encrypting content using industry-standard AES-GCM with 256-bit keys. However, the encryption keys for each meeting are generated by Zoom's servers. Additionally, some features that are widely used by Zoom clients, such as support for attendees to call into a phone bridge or use in-room meeting systems offered by other companies, will always require Zoom to keep some encryption keys in the cloud. However, for hosts who seek to prioritize privacy over compatibility, we will create a new solution.

    The Near Future

    Zoom will offer an end-to-end encrypted meeting mode to all paid accounts. Logged-in users will generate public cryptographic identities that are stored in a repository on Zoom's network and can be used to establish trust relationships between meeting attendees. An ephemeral per-meeting symmetric key will be generated by the meeting host. This key will be distributed between clients, enveloped with the asymmetric keypairs and rotated when there are significant changes to the list of attendees. The cryptographic secrets will be under the control of the host, and the host's client software will decide what devices are allowed to receive meeting keys, and thereby join the meeting. We are also investigating mechanisms that would allow enterprise users to provide additional levels of authentication.

    These end-to-end encrypted meetings will not support phone bridges, cloud recording, or non-Zoom conference room systems. Zoom Rooms and Zoom Phone participants will be able to attend if explicitly allowed by the host. Encryption keys will be tightly controlled by the host, who will admit attendees. We believe this will provide equivalent or better security than existing consumer end-to-end encrypted messaging platforms, but with the video quality and scale that has made Zoom the choice of over 300 million daily meeting participants, including those at some of the world's largest enterprises.

    As we do this work to further protect our users' privacy, we are also cognizant of our desire to prevent the use of Zoom's products to cause harm. To that end, we will be taking the following steps:

    • We will continue to work with users to enhance the reporting mechanisms available to meeting hosts to report unwanted and disruptive attendees.
    • Zoom does not and will not proactively monitor meeting contents, but our trust and safety team will continue to use automated tools to look for evidence of abusive users based upon other available data.
    • Zoom has not and will not build a mechanism to decrypt live meetings for lawful intercept purposes.
    • We also do not have a means to insert our employees or others into meetings without being reflected in the participant list. We will not build any cryptographic backdoors to allow for the secret monitoring of meetings.

    Next Steps

    We are committed to remaining transparent and open as we build our end-to-end encryption offering. As of May 22, we published a detailed draft cryptographic design. We will host discussion sessions with civil society, cryptographic experts, and customers to share more details and solicit feedback. Once we have assessed this feedback for integration into a final design, we will announce our engineering milestones and goals for deploying to Zoom users.

    We look forward to welcoming the Keybase team and are excited for the possibilities of what we can build together.

  • Enhanced Password Capabilities for Zoom Meetings, Webinars, and Cloud Recordings

    The Zoom team has been hard at work delivering additional features that further secure your Zoom meeting and webinar experiences. This past weekend's release included additional password protections, one of the best options for securing your meetings and webinars.

    Here's a quick overview of the new password options, Zoom's random meeting ID generator, and other Zoom platform developments.

    What's New

    Password requirements: For meetings and webinars, account owners and admins can now configure minimum meeting password requirements to adjust the minimum length and require letters, numbers, and special characters, or allow only numeric passwords.

    Random meeting IDs: One-time randomly generated meetings IDs for newly scheduled meetings and webinars will be 11 digits instead of nine. Your Personal Meeting ID (PMI) will remain the same.

    Cloud recordings: Password protection for shared cloud recordings is now on by default for all accounts. We've also enhanced the complexity of passwords on your cloud recordings. Existing shared recordings are not affected.

    • As the host, you can adjust the following options in your Zoom recording settings to manage password protection:
      • Customize the recording password to a preferred password.  To do so, log in via zoom.miami.edu and click Recordings. Next to the specific recording, click Share > scroll to Password protection > insert your custom password > click Save. Click here for step-by-step screengrabs.
      • Turn off password protection for specific recordings, as needed. To do so, log in via zoom.miami.edu and click Recordings. Next to the specific recording, click Share > scroll to Password protection and disable the option. Click here for step-by-step screengrabs.
      • Turn the recording password feature off on your Zoom account. To do so, log in via miami.edu and click Settings > Recording > scroll down to Require password to access shared cloud recordings and disable the option. Click here for step-by-step screengrabs.

    Third-party file sharing: You can once again use third-party platforms, such as Box, Dropbox, and OneDrive, to share across the Zoom platform. We temporarily disabled this feature and have restored it after a full security review of the process.

    Zoom Chat message preview: Zoom Chat users can hide the message preview for desktop chat notifications. If this is turned off, you'll simply be alerted that you have a new message without displaying any message content.

    Additionally, we've fixed issues related to missing data and delay on the Zoom Dashboard. We will continue to monitor and make improvements to dashboard and reporting performance.

    For more information on these changes, please check out the Release Notes for 4.6.11.

  • New Security Toolbar Icon for Hosts, Meeting ID No Longer Displayed

    On April 8, 2020, Zoom implemented an important update to help make your meetings more private and secure. The most visible change that meeting hosts will see is an option in the Zoom meeting controls called Security. This new icon simplifies how hosts can quickly find and enable many of Zoom's in-meeting security features.

    Visible only to hosts and co-hosts of Zoom Meetings, the Security icon provides easy access to several existing Zoom security features so you can more easily protect your meetings.

    By clicking the Security icon, hosts and co-hosts have an all-in-one place to quickly:

    Zoom recognizes that various security settings in the Zoom client, while extremely useful, were also extremely scattered. The addition of this persistent Security icon helps augment some of the default Zoom security features in your profile settings and enables Zoom users to more quickly take action to prevent meeting disruption.

    The Security icon replaces the Invite button in the meeting controls. The Invite button has been moved to the Participants panel, and hosts can add additional guests there.

    The Security icon is available in Zoom's latest release to all Zoom hosts and co-hosts in all free and paid account types on desktop (Mac & Windows), mobile (iOS & Android), iPad, and in the web client.

    Meeting ID No Longer Displayed:

    Additionally, the Zoom Meeting ID will no longer be displayed on the title toolbar. The title will simply be "Zoom" for all meetings, preventing others from seeing active meeting IDs when, for instance, Zoom screenshots are posted publicly.

    Additional Resources:

  • How to Keep Uninvited Guests Out of Your Zoom Event

    As more people use our platform and host their virtual events using Zoom, we wanted to offer up tips to ensure everyone joining an event does so with good intentions. Like most other public forums, it's possible to have a person (who may or may not be invited) disrupt an event that’s meant to bring people together.

    So, a couple of reminders on using Zoom to host public events:

    • When you share your meeting link on social media or other public forums, that makes your event extremely public. ANYONE with the link can join your meeting.
    • Avoid using your Personal Meeting ID (PMI) to host public events. Your PMI is basically one continuous meeting and you don’t want randos crashing your personal virtual space after the party's over. Learn about meeting IDs and how to generate a random meeting ID (at the 0:27 mark) in this video tutorial.
    • Familiarize yourself with Zoom's settings and features so you understand how to protect your virtual space when you need to. For example, the waiting room is an unbelievably helpful feature for hosts to control who comes and goes. (More on that below.)

    Read on for a list of Zoom features that can help you safely share your Zoom virtual cocktail hour or dance break without unwanted interruptions. Ok, Zoomer? Let's do it!

    Manage Screen Sharing

    The first rule of Zoom Club: Don't give up control of your screen. 

    You do not want random people in your public event taking control of the screen and sharing unwanted content with the group. You can restrict this—before the meeting and during the meeting in the host control bar—so that you're the only one who can screen-share.

    To prevent participants from screen sharing during a call, using the host controls at the bottom, click the arrow next to Share Screen and select Advanced Sharing Options.

    Under "Who can share?" choose "Only Host" and close the window. You can also lock the Screen Share by default for all your meetings in your web settings.

    Manage Your Participants

    Some of the other great features to help secure your Zoom event and host with confidence:

    • Allow only signed-in users to join: If someone tries to join your event and isn't logged in to Zoom with the email they were invited through, they will not be able to access the meeting.

    This is useful if you want to control your guest list and invite only those you want at your event — other students at your school or colleagues, for example.

    • Lock the meeting: It's always smart to lock your front door, even when you're inside the house. When you lock a Zoom Meeting that's already started, no new participants can join, even if they have the meeting ID and password (if you have required one). In the meeting, click Participants at the bottom of your Zoom window. In the Participants pop-up, click the button that says Lock Meeting.
    • Set up your own two-factor authentication: You don't have to share the actual meeting link! Generate a random Meeting ID when scheduling your event and require a password to join. Then you can share that Meeting ID on Twitter but only send the password to join via DM.
    • Remove unwanted or disruptive participants: From that Participants menu, you can mouse over a participant's name, and several options will appear, including Remove. Click that to kick someone out of the meeting.
    • Allow removed participants to rejoin: When you do remove someone, they can't rejoin the meeting. But you can toggle your settings to allow removed participants to rejoin, in case you boot the wrong person.
    • Put 'em on hold: You can put everyone else on hold, and the attendees' video and audio connections will be disabled momentarily. Click on someone's video thumbnail and select Start Attendee On Hold to activate this feature. Click Take Off Hold in the Participants list when you're ready to have them back.
    • Disable video: Hosts can turn someone's video off. This will allow hosts to block unwanted, distracting, or inappropriate gestures on video or for that time your friend’s inside pocket is the star of the show.
    • Mute participants: Hosts can mute/unmute individual participants or all of them at once. Hosts can block unwanted, distracting, or inappropriate noise from other participants. You can also enable Mute Upon Entry in your settings to keep the clamor at bay in large meetings.
    • Turn off file transfer: In-meeting file transfer allows people to share files through the in-meeting chat. Toggle this off to keep the chat from getting bombarded with unsolicited pics, GIFs, memes, and other content.
    • Turn off annotation: You and your attendees can doodle and mark up content together using annotations during screen share. You can disable the annotation feature in your Zoom settings to prevent people from writing all over the screens.
    • Disable private chat: Zoom has in-meeting chat for everyone or participants can message each other privately. Restrict participants' ability to chat amongst one another while your event is going on and cut back on distractions. This is really to prevent anyone from getting unwanted messages during the meeting.

    Try the Waiting Room

    One of the best ways to use Zoom for public events is to enable the waiting room feature. Just like it sounds, the waiting room is a virtual staging area that stops your guests from joining until you're ready for them. It's almost like the velvet rope outside a nightclub, with you as the bouncer carefully monitoring who gets let in.

    Meeting hosts can customize waiting room settings for additional control, and you can even personalize the message people see when they hit the waiting room so they know they're in the right spot. This message is really a great spot to post any rules/guidelines for your event, like who it's intended for.

    The waiting room is really a great way to screen who's trying to enter your event and keep unwanted guests out.

  • Zoom's Advanced Sharing Settings for Education

    Based on feedback from the education community, Zoom recently released a product enhancement to give teachers more control over their meetings.

    Host Sharing Enhancements

    As of March 26, 2020, the screen sharing settings within your account have automatically defaulted to "Only Host." This setting gives hosts sole permission to share content within their meetings by default.

    How do I give meeting participants the ability to share?

    If you'd like to give participants screen sharing permission when hosting your next meeting, simply click the arrow to the right of the Screen Sharing icon, select Advanced Sharing Options and select All Participants.

    If you'd like to re-enable participant content sharing at the account level, please visit miami.zoom.us/profile/setting > In Meetings (Basic) > Screen sharing > and select All Participants. For reference, see the screengrab below:

    Visit the Zoom Help Center for more information regarding this update.

    Sharing of Zoom Recordings

    Please note that Zoom recently turned on a setting to require a password for recordings that are sent out.

  • Best Practices for Securing Your Virtual Classrooms

    Zoom has helped thousands of schools and teachers around the world quickly shift to remote virtual learning. Click here to read the Zoom blog which highlights best practices for securing your virtual classrooms.


For more information about Zoom, including a list of features and benefits, visit the Zoom service page. For answers to commonly asked questions, review the Zoom FAQs.

If you suspect you may be a victim of Zoombombing, please contact the IT Service Desk, as well as the IT Security team at: ciso@miami.edu.
