![]() ![]() The other way to join a Zoom meeting is to enter the 9-digit Meeting ID if you attempt to join a meeting using this method and a password was configured, a password prompt is displayed. What was the point of requiring a password, then? No password is required to be input, however, because the password is embedded in the link hidden in the encoded string of characters used to connect to the meeting. The scheduler is expecting the invitee to need a password, as that was how the invite was configured. At the time the meeting is scheduled, a simple click on the link in the invitation is all that’s required to join the meeting. The invitation arrives in the invitee’s inbox or calendar. So, there is limited opportunity someone will intercept the email and glean the meeting details, including the password. The good news here is that 93% of inbound email, according to Google, is encrypted in transit. ![]() If sending to a recipient outside of the company, however, the email contents will flow across public networks. The next step is to send the invitation out if all recipients are within your own company domain, then this is probably secure, as the internal IT team is in control. At this point the obfuscation of the password seems pointless and offers no security value. Pointing out the obvious here: the password’s encoded and plain versions are both included in the same invitation that is typically sent, in its entirety, as a calendar invitation or email to the invitee. The random string is an encoded version of the password, which is listed in its plain form below the Meeting ID. Notice the URL in the invitation in Figure 2 to “Join Zoom Meeting” includes a “pwd=” parameter followed by numerous seemingly random characters. Zoom invitation email with a default, random password
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |