What's New at Zoom? Join our upcoming webinar to get you a first-hand look into some of our exciting new product and feature releases.

Register Now
cancel
Showing results for 
Search instead for 
Did you mean: 

How to disable login verification code

leopoldj
Attendee

We have a Zoom account that is shared by several people to host meetings. When logging into Zoom it often thinks that there is an unusual login and the hosts are asked to enter a verification code (please see screenshot below). The verification code is sent to the account email that these hosts have no access to. This is causing a lot of frustration and delays. Is there any way we can disable this logion verification? Thank you.

 

leopoldj_0-1643314139619.png

 

1 ACCEPTED SOLUTION

Subzer01
Listener
Listener

Hello,

 

With Client Release 5.9.0, Zoom added an additional security feature to protect the accounts of our customers. This feature is designed to avoid fraud and abuse. When attempting to log in from a different device/ location, Zoom will send a One Time Password (OTP) to the user's email.

If for any reason, you are having issues logging in because of the feature above, please contact support so they can investigate and provide solutions as necessary.
Support can enable their 2FA in order to bypass the security feature mentioned above so that users can temporarily log in to their account.

 

Thanks,

Allan

View solution in original post

153 REPLIES 153

Subzer01
Listener
Listener

Hello,

 

With Client Release 5.9.0, Zoom added an additional security feature to protect the accounts of our customers. This feature is designed to avoid fraud and abuse. When attempting to log in from a different device/ location, Zoom will send a One Time Password (OTP) to the user's email.

If for any reason, you are having issues logging in because of the feature above, please contact support so they can investigate and provide solutions as necessary.
Support can enable their 2FA in order to bypass the security feature mentioned above so that users can temporarily log in to their account.

 

Thanks,

Allan


Support can enable their 2FA in order to bypass the security feature mentioned above so that users can temporarily log in to their account.

This is confusing. What does it mean by enable 2FA? 2FA and OTP are totally different issues. We want to disable OTP. How does enabling 2FA achieve that? Can you please explain this better? Thanks.

OTP and 2FA are both used to verify that the person logging into the account is the person who owns that account.  Both are measures to prevent account hijacking.  OTP will not trigger if:

  • 2FA is enabled on the account
  • The user uses SSO
  • When logging in using Google, Facebook, or Apple ID

2FA can utilize either mobile authentication app and requires additional setup.

OTP is sent via email, and requires no additional setup.

If my answer was helpful or solved your issue, please remember to like or mark the solution!

[Deleted]

Can you clarify what you just said?  Your response indicates that NONE of the conditions are true.  OTP will not trigger if ANY of the conditions is true.  At least one condition must be true.

  • If you use email/password to log in, OTP will trigger unless 2FA is in use.
  • If you sign in through SSO/Google/Facebook/Apple ID, OTP will not trigger.

If you are experiencing otherwise, please put in a ticket.  Even better if you're able to include a recording of the process/steps that the user is taking when getting OTP when either of the above scenarios are true.

If my answer was helpful or solved your issue, please remember to like or mark the solution!

Sorry, my bad. I misread your comment. I have deleted my post.

 

So, basically, I think Zoom is suggesting that to disable OTP one should enable 2FA. This is not acceptable and shows a complete lack of understanding of our use case.

 

Yes, we are sharing about 20 paid accounts among 100 users. But we are not doing this in bad faith. Enough has been said about our use case and I will not repeat them here. Replacing OTP with 2FA will make Zoom equally unusable. I am sort of done here. I wish Zoom good luck. You created a good product. But now it's time to move on.

Please put in a ticket with your use case requesting an OTP exemption.  It's not about 'bad faith'.  We understand the frustration some customers are experiencing, and that there are specific use cases where OTP/2FA/other sign-in methods just aren't viable options.  

 

If you are on a Business+ account and have SSO available to you, we strongly advise using SSO for your authentication needs.

 

Sharing accounts unfortunately carries a whole host of security and privacy issues.  Officially, it's not supported and against TOS/AUP to share account credentials because of those security and privacy issues.

If my answer was helpful or solved your issue, please remember to like or mark the solution!


Officially, it's not supported and against ...


We are asking you to formally support it. We cannot build on this quicksand. Some months ago we were asked to open a ticket to disable OTP and we did that. It worked for a while before it was enabled again without any warning. About week ago OTP was disabled globally. Once again it was enabled without any notice.  

Would Zoom please let us manage our own security, as we already do with our very complex networks, servers and software tools? This OTP feature has been a step too far for almost all educational institutions, which must share accounts for very legitimate reasons.  I would be very sorry to have to leave Zoom, but this conversation is pointing outside.

2.14.0.0

I don't think you understand the issue that many Zoom customers have with OTP and 2FA. Both require access to the account holder's email in order to access a verification code. So neither will work.

 

There are many Zoom customers, like myself, who buy Pro license and provide the Zoom account sign in details to members of their organisation for perfectly legitimate reasons. In my case, it's because I am the IT admin for a charity who meet over Zoom frequently. If I am away (on holiday), someone else needs to start those Zoom meetings on my behalf. I am not unique in that requirement. There are organisations running online training courses who need to give Zoom account details to their trainers.

 

I raised a ticket on May 10th and was assured by a Zoom agent (on 30th May) that OTP had been globally disabled and that all customers would be notified before it was re-enabled. Well...just now I was prompted for an OTP passcode! So that was a lie then. If you like I can give you the agent's name and show you the thread as proof that I was lied to.

 

I also asked the agent "what constitutes a suspicious sign in attempt?" It appears that the answer is "everything"! Zoom's "security AI" suffers with short-term memory loss and extreme paranoia. I worked in developing AI for 35 years - give me a call for some simple tips on how to boost its IQ.

 

All you Zoom complaining and long-suffering customers should just abandon Zoom - switch to Microsoft Teams - much better, more secure, reliable and free for charities! At least Microsoft don't lie to their customers.

Agreed. Drop Zoom and move over to Teams. Don't even bother with a support call to get your account relieved of this inconvenience. They just grill you over and over about why you need to have it removed.

 

The OTP change has made the product all but unusable in our church for all the same reasons offered around use in education. With their brainless confusion of suspicious login, OTP and 2FA, they have created a 'heads I win, tails you lose' situation.

 

Well, Zoom, you lose.

Serious question: So why cant zoom do what google & many other software companies do by sending an email that mentions a security concern?

This sounds like a money making measure dressed in "security measures" clothing.

It is a major issue for many education based business as per comment here and zoom disabled, then re-enabled without any notice. a very poor customer experience (feedback). 

Possible workaround: It looks like the account will allow me to change email. So I'm going to try making a new gmail to use specifically for the zoom account, only for receiving the OTP and zoom communications. Then I will set up email forwarding to my personal email and the emails of the 5 class assistants I have who sometimes open the zoom meeting. That way they can still open the meeting if I'm driving or something. 

This feature has caused me major headaches with my guitar group and movie groups, the major reason I have and use Zoom.  I occasionally can't make it and gave the code for just that evening.  We've always done it this way and if we can't continue, I'd like a refund and I'll find another platform as this new "security" feature is making your product useless to me!

If you submit a ticket to Zoom indicating the reason the 2FA and OTP security measures do not work for your organization, plus the following statement, it will be escalated to Tier 2, where they should be able to disable your security settings: 

I understand and acknowledge that disabling One Time Password for my account may lead to an increased account security risk, including the risk of account takeover.  Notwithstanding this risk, I am requesting that OTP be disabled for my account.’

Similar problem.

 

Our church Zoom account uses the church administrator as account owner and email address.  EVERY time someone needs to use the Zoom account they are requested to enter in the OTP code which has been sent to the church administrator email address.  We are away to cancel our Zoom account and go elsewhere.  And by the way it does not prevent fraud and abuse.  Way to go Zoom.

Hi KenMavor

Did you try to get Zoom to disallow the OTP?  Start a ticket? Talk to anyone?  Our church admin spoke with a Zoom rep yesterday, who said she'd have to take it to her supervisor.  We're cautiously hopeful. 

 

Honestly, I don't think this about 'security' at all.  Zoom must realize that people don't have 24/7 access to the licensed account email, and that many Zoom meetings are taking place even outside the office./office hours.  Many churches/nonprofits cannot afford to have a license for every discrete individual who legitimately use the organization's account.  So very short-sighted on Zoom's part.

 

I wish you good luck.  

Same here. This is causing loads of problems with our church group too.

 

Cannot login from an unrecognised location/device without the code and only one person (not hosting the meeting, not even in the location) gets the code. O so unhelpful.

 

What is completely bizarre about the way it works is:

 

  • Zoom decides all by itself if it thinks something is suspicious
  • 2FA is TURNED OFF in the account settings
  • and Zoom still decides all by itself when an OTP is needed
  • so you cannot predict when it will ask for the code
  • and your meeting/event/service is completely disrupted

So the admin or user has no control over how this works. I've never encountered a more poorly implemented security measure in a software product. That's because it isn't a security measure at all.

 

Zoom GO BACK TO SCHOOL and learn how to produce software!

 

It is a 'Netflix' approach to crack down on password sharing - obviously. Except Netflix were honest about their problem and how they hoped to fix it. Very poor Zoom. We are not pleased.

 

Fix this, or the very clear solution is to use a different video conferencing tool. There are lots of alternatives. And we yes will cancel the subscription. 

How does a temporary solution work if we need various hosts being able to log in on a regular basis and none have access to the email where the codes are sent?

 

Our admin set up a separate email to serve as the login for one of our organization’s licenses.  It’s not the main organization email and used only for Zoom.  The people who use Zoom in our organization have access to this email account and can pick up any OTP request.  Works so far. 

We have the same problem, and our 2FA is off. And we're still getting the same issue with the request for OTP. The email is usually unchecked because we're one organization but have several authorized users who don't have access to the email.

dflinton
Attendee

To reiterate some comments, we need the OTP disabled, we can't use the 2fa or the SSO in the manner this product was rolled out and we have used for 2 + years now.  You will need to affect a change whether that's disable the OTP, allow us to choose to enable or disable, something else. We can't afford to provide everyone a pro account so they can manage their own OTP, but then they probably wouldn't need it, so it does seem this is punitive wrapped in a 'security' blanket.  The product has been great and we do notice all the work zoom does but this does really seem like a deal breaker our users can't use it in this way. Thanks for all the good times. 

We completely concur with above. Users for 3+ years in the education sector. Have 10 accounts for each of our permanaet staff but one account for one group of classes which we use temporary staff changing weekly. The OTP has ruined things for us without any warning. Zoom knew this  from comments above, disabled it then re-enabled it without warning. Goes to show how much they care about education business. We will be looking for other alternatives.  

JPWW
Listener

I am a volunteer part of an organization - a church - that also has a paid Zoom account. I have been successfully logging in remotely on the same computer to host weekly meetings since March 2020.   And I experienced the OTP this morning as I tried to begin a prayer meeting at 7 am, way before anyone in the church office would be available to access the official log in email.  This of course was annoying as well as distressing. 

 

As others have stated, more than one person and certainly more than office staff, use the PAID Zoom account to facilitate meetings for prayer, study, church business, planning, etc.  We obviously don't do this all at the same time.  When he checked into this after I alerted him to the issue, our office administrator was told today that we have to have a separate license for every person who uses the church's Zoom account. WHAT?  This doesn't seem like 'security' to me; it seems like a deliberate attempt on the part of Zoom to get more money!  Surely not everyone in an organization using Zoom has access to the account email, and surely not everyone using Zoom is working in an office where they would have access to it.  What part of REMOTE working does Zoom not understand? Ironic!

Exactly.  The famous "security" excuse.

Rich1971
Listener

Hello

 

We were having the same issue with one account and multiple different users having to log in to host meetings. 

The way "around" it is to turn on 2FA. 

 

Hear me out...

 

Setup Google authenticator on a device but instead of using the qr code that zoom shows, choose to use the alphanumeric code instead. Make a note of this code. 

Then anyone that needs to use the account just needs to setup Google authenticator on their phone/tablet using the same alphanumeric code. 

This works well for us, hopefully useful for others.

 

Rich

LaoNext
Listener

Here we go again,

 

We have 100+ licences and considering ordering more, but this OTP will definetly make us review our choices and go on TEAMS.

Zoom starting to be untrustfull. They are on the path of their decline...

Same thing here, we are planning to unsubscribe our zoom account and start to use the other tools.

CPI
Listener

We have the same issue. Please just disable the annoying OTP. 😡

LaoNext
Listener

Dear ZOOM,   

 

You are shooting yourself on the foot. I hope you understand that.

 

Thanks

dflinton
Attendee

I don't think so at this point. if they drop the hammer and say we aren't using it in agreement with the terms, I leave and use another product.. if it continues to not work for us... i leave and use another product. This list of about a hundred people having the same problem is how you get things done. 

LiderazgoSER
Listener

I have the same problem. Please I need support because I have a lot of employees that are using this account.

Regards,

 

Aura

 

dflinton
Attendee

Just filed a ticket requesting a bypass of the OTP until they have a fix. we'll see. Its amazing all the people here, I don't know if it will make a difference but maybe everyone should enter a support ticket too... they don't seem to care bout us posting here.

CARM
Listener

I filed a ticket via the Support portal requesting OTP be disabled for our company.  Zoom Support sent me an email asking for details as to why we cannot just use 2FA or SOS.  I have sent the reasons why these options won't work for us.

 

Meanwhile, I am using a temporary workaround until OTP is eliminated. 

 

I have activated 2FA for all of our accounts, however, I have not set up the actual 2FA app information on the Zoom accounts.  So, when our trainers login they will get a message that the administrator has set up 2FA and request that they set up the 2FA.  There is a option on the page: Not ready to set up two-factor authentication? Skip.".  They can just click on "Skip" and go right into the account and no OTP is activated.

 

Hopefully, Zoom will soon get the message from all of our comments here and Support tickets that OTP should be optional at the discretion of the account holder and not just globally implemented.  If not, as others have mentioned, then Teams is a good alternative.

Thanks CARM i will try that also. I just received the answer to the support ticket and it seems they are sticking to their guns, the answer was boiler plate about how to use OTP and their other security features not even recognizing my question or the problem. So they've transitioned to  just another cooperation. This model just wont work for us. Maybe we go to 40 minute programs and they get no money. Will start looking at alternatives. 

You can reply back and tell them it doesn't work for your use case to move your request forward

If my answer was helpful or solved your issue, please remember to like or mark the solution!

I'm attaching a Snip of the options I see in my Profile for 2FA.  I'm looking at this via my desktop not via my phone. 

Ah thank you! I was looking at the main account manager 2fa setup not the individual user 2fa i was misunderstanding. That did it i did get the skip this time with the account 2fa off and the user 2fa on. 


Thank you! 

Well i don't know if they changed anything but I don't see a skip option. I also didn't see setting up actual 2fa app information. I  only get the one slider for 2fa on or off, i can pick who it applies to. I also had the support guy quote this work around. This is insane. Our 40 people that have programs scheduled out through October have to guess if they will get teh OTP lockout or if i can get back to them in 10 minutes with the password. This is almost class action suit worthy. 

valleri
Listener

So many of us seriously affected by this and not a peep. We're a nonprofit sharing four pro accounts for different hosts to run vital  support groups. 

I've opened a support ticket. In the meanwhile, if hosts use their personal email to log in and then use Zoom account Hostkey to claim meeting host, would that be ok workaround until it's fixed, or we leave?