Zoomtopia is here. Unlock the transformative power of generative AI, helping you connect, collaborate, and Work Happy with AI Companion.
Register nowEmpowering you to increase productivity, improve team effectiveness, and enhance skills.
Learn moreKeep your Zoom app up to date to access the latest features.
Download Center Download the Zoom appDownload hi-res images and animations to elevate your next Zoom meeting.
Browse Backgrounds Zoom Virtual BackgroundsEmpowering you to increase productivity, improve team effectiveness, and enhance skills.
Zoom AI Companion2023-08-12 08:13 AM
Our upcoming scheduled meeting requires registration approval. If an approved registrant shares their confirmation email with others, would they be able to join our meeting? We did not require authentication to join. (Would that have made a difference in the answer?) Thanks for your help.
Solved! Go to Solution.
2023-08-12 09:29 AM - edited 2023-08-12 09:31 AM
Hi, @emyount.
For Meetings and Webinars, any registrant sharing their personalized registration credentials does indeed open up the possibility that any recipient of this information can join your session. I always mention in emails to attendees that the registration link is your personal link, not to be shared with others.
Requiring authentication helps, in that often times, the recipient will simply click the link and then, when met with the requirement to log in, abandons the effort to join. A knowledgeable or persistent recipient will continue and login, gaining access to the meeting and impersonate the original registrant! Meaning that their Display Name will be whatever name was given by the original registrant.
I’m aware that some testing has been done which shows that requiring registration and authentication does not enforce a restriction that only the person to whom the registration has been issued can enter the meeting. It only requires that the Attendee be logged into Zoom with any account, even if it does not match the account of the registration. Most hosts wrongly assume that registration + authentication ensures that only the Registrant can enter.
Note that Zoom Events (and the single-session variant called Zoom Sessions) can enforce a match between the login account and the registration account. For each ticket type in Zoom Events, you can specify “authentication by Zoom login” or “authentication by email”, the latter being an option which specifically allows someone to enter without being logged in – but they have to enter a 6-digit code sent to the email address used during registration to ensure they’re actually authorized. If you’re interested in this additional level of security, let me know and I can discuss the pros and cons of Zoom Events with you.
I highly recommend not purchasing a Zoom Events or Sessions license until you've had a conversation with an experienced Zoom Events customer and have a good understanding yourself of how Zoom Events licensing works, otherwise you can make a costly mistake which is extremely difficult to undo.
2023-08-12 09:29 AM - edited 2023-08-12 09:31 AM
Hi, @emyount.
For Meetings and Webinars, any registrant sharing their personalized registration credentials does indeed open up the possibility that any recipient of this information can join your session. I always mention in emails to attendees that the registration link is your personal link, not to be shared with others.
Requiring authentication helps, in that often times, the recipient will simply click the link and then, when met with the requirement to log in, abandons the effort to join. A knowledgeable or persistent recipient will continue and login, gaining access to the meeting and impersonate the original registrant! Meaning that their Display Name will be whatever name was given by the original registrant.
I’m aware that some testing has been done which shows that requiring registration and authentication does not enforce a restriction that only the person to whom the registration has been issued can enter the meeting. It only requires that the Attendee be logged into Zoom with any account, even if it does not match the account of the registration. Most hosts wrongly assume that registration + authentication ensures that only the Registrant can enter.
Note that Zoom Events (and the single-session variant called Zoom Sessions) can enforce a match between the login account and the registration account. For each ticket type in Zoom Events, you can specify “authentication by Zoom login” or “authentication by email”, the latter being an option which specifically allows someone to enter without being logged in – but they have to enter a 6-digit code sent to the email address used during registration to ensure they’re actually authorized. If you’re interested in this additional level of security, let me know and I can discuss the pros and cons of Zoom Events with you.
I highly recommend not purchasing a Zoom Events or Sessions license until you've had a conversation with an experienced Zoom Events customer and have a good understanding yourself of how Zoom Events licensing works, otherwise you can make a costly mistake which is extremely difficult to undo.
2023-08-12 10:04 AM
Thank you for your quick and thorough response. We’re not sharing any private or proprietary information at our meetings, so if others join it won’t be disastrous.
When I realized that our invitation was likely being shared with non-approved registrants (people were attempting to register with names/emails that didn’t match the csv file I uploaded), it caused me to wonder what would happen if the meeting link and passcode information was forwarded. You have answered that question for me.
Thanks again for your response. Have a great weekend.
2023-08-12 12:47 PM - edited 2023-08-12 12:48 PM
My pleasure, @emyount. Glad it was helpful.
I'll add -- especially for anyone else that runs across this thread -- that requiring registration is a lot better than just sending out a meeting link with no registration, if you want at least some semblance of control as to who will be attending your meeting. So that's good.
The other thing that requiring authentication does for you is that you will get the email addresses of attendees in your reports. Since all attendees must be logged into a Zoom account in order to attend, you can ultimately go through the list and determine who the offending culprit likely was. And if there's ever a serious issue that you think Zoom should look into, file a report with the Zoom Trust and Safety Team from the Reporting Offensive, Illegal, or Abusive Content or Behavior section of the FAQs here:
https://zoomgov.com/en-us/trust/trust-safety.html