cancel
Showing results for 
Search instead for 
Did you mean: 

Looking for clarification about a registered participant's meeting link

emyount
Explorer
Explorer

Our upcoming scheduled meeting requires registration approval. If an approved registrant shares their confirmation email with others, would they be able to join our meeting? We did not require authentication to join. (Would that have made a difference in the answer?) Thanks for your help.

1 ACCEPTED SOLUTION

Ray_Harwood
Community Champion | Customer
Community Champion | Customer

Hi, @emyount.

 

For Meetings and Webinars, any registrant sharing their personalized registration credentials does indeed open up the possibility that any recipient of this information can join your session. I always mention in emails to attendees that the registration link is your personal link, not to be shared with others.

Requiring authentication helps, in that often times, the recipient will simply click the link and then, when met with the requirement to log in, abandons the effort to join. A knowledgeable or persistent recipient will continue and login, gaining access to the meeting and impersonate the original registrant!  Meaning that their Display Name will be whatever name was given by the original registrant. 

 

I’m aware that some testing has been done which shows that requiring registration and authentication does not enforce a restriction that only the person to whom the registration has been issued can enter the meeting. It only requires that the Attendee be logged into Zoom with any account, even if it does not match the account of the registration. Most hosts wrongly assume that registration + authentication ensures that only the Registrant can enter. 

 

Note that Zoom Events (and the single-session variant called Zoom Sessions) can enforce a match between the login account and the registration account. For each ticket type in Zoom Events, you can specify “authentication by Zoom login” or “authentication by email”, the latter being an option which specifically allows someone to enter without being logged in – but they have to enter a 6-digit code sent to the email address used during registration to ensure they’re actually authorized. If you’re interested in this additional level of security, let me know and I can discuss the pros and cons of Zoom Events with you.

 

I highly recommend not purchasing a Zoom Events or Sessions license until you've had a conversation with an experienced Zoom Events customer and have a good understanding yourself of how Zoom Events licensing works, otherwise you can make a costly mistake which is extremely difficult to undo. 


Ray -- Happy holidays, everyone!

View solution in original post

3 REPLIES 3

Ray_Harwood
Community Champion | Customer
Community Champion | Customer

Hi, @emyount.

 

For Meetings and Webinars, any registrant sharing their personalized registration credentials does indeed open up the possibility that any recipient of this information can join your session. I always mention in emails to attendees that the registration link is your personal link, not to be shared with others.

Requiring authentication helps, in that often times, the recipient will simply click the link and then, when met with the requirement to log in, abandons the effort to join. A knowledgeable or persistent recipient will continue and login, gaining access to the meeting and impersonate the original registrant!  Meaning that their Display Name will be whatever name was given by the original registrant. 

 

I’m aware that some testing has been done which shows that requiring registration and authentication does not enforce a restriction that only the person to whom the registration has been issued can enter the meeting. It only requires that the Attendee be logged into Zoom with any account, even if it does not match the account of the registration. Most hosts wrongly assume that registration + authentication ensures that only the Registrant can enter. 

 

Note that Zoom Events (and the single-session variant called Zoom Sessions) can enforce a match between the login account and the registration account. For each ticket type in Zoom Events, you can specify “authentication by Zoom login” or “authentication by email”, the latter being an option which specifically allows someone to enter without being logged in – but they have to enter a 6-digit code sent to the email address used during registration to ensure they’re actually authorized. If you’re interested in this additional level of security, let me know and I can discuss the pros and cons of Zoom Events with you.

 

I highly recommend not purchasing a Zoom Events or Sessions license until you've had a conversation with an experienced Zoom Events customer and have a good understanding yourself of how Zoom Events licensing works, otherwise you can make a costly mistake which is extremely difficult to undo. 


Ray -- Happy holidays, everyone!

Thank you for your quick and thorough response. We’re not sharing any private or proprietary information at our meetings, so if others join it won’t be disastrous.

 

When I realized that our invitation was likely being shared with non-approved registrants (people were attempting to register with names/emails that didn’t match the csv file I uploaded), it caused me to wonder what would happen if the meeting link and passcode information was forwarded. You have answered that question for me. 

 

Thanks again for your response. Have a great weekend.

Ray_Harwood
Community Champion | Customer
Community Champion | Customer

My pleasure, @emyount.  Glad it was helpful.

 

I'll add -- especially for anyone else that runs across this thread -- that requiring registration is a lot better than just sending out a meeting link with no registration, if you want at least some semblance of control as to who will be attending your meeting.  So that's good.

 

The other thing that requiring authentication does for you is that you will get the email addresses of attendees in your reports.  Since all attendees must be logged into a Zoom account in order to attend, you can ultimately go through the list and determine who the offending culprit likely was.  And if there's ever a serious issue that you think Zoom should look into, file a report with the Zoom Trust and Safety Team from the Reporting Offensive, Illegal, or Abusive Content or Behavior section of the FAQs here:

https://zoomgov.com/en-us/trust/trust-safety.html 


Ray -- Happy holidays, everyone!