cancel
Showing results for 
Search instead for 
Did you mean: 

How to disable login verification code

leopoldj
Participant

We have a Zoom account that is shared by several people to host meetings. When logging into Zoom it often thinks that there is an unusual login and the hosts are asked to enter a verification code (please see screenshot below). The verification code is sent to the account email that these hosts have no access to. This is causing a lot of frustration and delays. Is there any way we can disable this logion verification? Thank you.

 

leopoldj_0-1643314139619.png

 

4 ACCEPTED SOLUTIONS

Subzer01
Listener | Zoom Employee
Listener | Zoom Employee

Hello,

 

With Client Release 5.9.0, Zoom added an additional security feature to protect the accounts of our customers. This feature is designed to avoid fraud and abuse. When attempting to log in from a different device/ location, Zoom will send a One Time Password (OTP) to the user's email.

If for any reason, you are having issues logging in because of the feature above, please contact support so they can investigate and provide solutions as necessary.
Support can enable their 2FA in order to bypass the security feature mentioned above so that users can temporarily log in to their account.

 

Thanks,

Allan

View solution in original post

Rich1971
Listener

Hello

 

We were having the same issue with one account and multiple different users having to log in to host meetings. 

The way "around" it is to turn on 2FA. 

 

Hear me out...

 

Setup Google authenticator on a device but instead of using the qr code that zoom shows, choose to use the alphanumeric code instead. Make a note of this code. 

Then anyone that needs to use the account just needs to setup Google authenticator on their phone/tablet using the same alphanumeric code. 

This works well for us, hopefully useful for others.

 

Rich

View solution in original post

dflinton
Attendee

After a week or bit more and a few back and forth with support we did get an exemption. They required a signoff on the fact that it will your security profile will be less by opting out and a explanation of why it wouldn't work for our situation.  They did state in their few standard replies that sharing accounts is against usage, i didn't try to argue that just how we use it, how we have been using it for years, and how 2fa and SSO wouldn't work. So a support ticket seems the way to go until they get enough of them they change it for everyone. 

View solution in original post

Our admin set up a separate email to serve as the login for one of our organization’s licenses.  It’s not the main organization email and used only for Zoom.  The people who use Zoom in our organization have access to this email account and can pick up any OTP request.  Works so far. 

View solution in original post

187 REPLIES 187

Try this: Have you tried using the "claim host" feature rather than having your hosts log into the Zoom accounts? We finally thought of that and it seems to be a great solution - does away with the OTC issue and keeps our accounts more secure.  https://support.zoom.us/hc/en-us/articles/205172555-Using-your-host-key 

This is clearly not meeting the need of many of your customers. It's a royal pain - please please put in a way for the admin to disable this.

We are an events company with multiple accounts.  Each meeting is scheduled in advance with our clients and could be any of our employees using any of our hire laptops for the events.  This "feature" has become a real issue as we now have technicians at events who cannot gain access to an account becasue of the pass code.  Is it possible to have the code sent to multiple emails? 

dflinton
Attendee

I am also having this trouble where we pay the expensive Pro and webinar accounts and allow users to login to them. We don't need 40 pro accounts neither could we afford that, our three accounts are used just enough that its perfect. Until the OPT was enabled. Those users don't have access to the email account that the OTP password is sent nor should they.  Can you please disable this feature. 


Don

Hi all, I hope this lands in the right place. Wanted to share that through a Zoom chat today (6/1/22) I asked this was removed from an org's account. Here's the response from the Zoom rep:

This feature is designed to avoid fraud and abuse. Only if an account has a legitimate use case where they can not use SSO, Two Factor Authentication, or OTP, we can request an exception to whitelist this account for OTP, however, submitting a request to have OTP disabled and that it is subject to review and approval by the right department, and it can NOT be guaranteed.

😐I'll let you know what we hear back and if the request is granted. It was initiated in chat and then the rep. submitted a ticket and provided a ticket number. You might save yourself some time just by going straight to "submit a ticket."

Thanks for that, i  may end up trying it with something like; The legitimate use case is we have multiple remote users and zoom hasn't figured out how to set an allow bit to make them authorized users. These users are from varying  backgrounds and may not have access to a cell phone for for a 2fa setup, but that's irrelevant because zoom doesn't have that ability. The OTP change disrupts our work flow we have had for 2+ years now and should be disabled. Its obviously editable thus the whitelist, allow users to check yes or no in their account set it to default yes. 

Thanks.

Don

We switched to using the "claim host" feature - it works great for our teachers and keeps our accounts more secure. You can find details elsewhere in this feed and/or search for it. You just need to set up a "claim host" code. Then your hosts use the same link to get in as participants. Once in the meeting, the host clicks on the "participants" link, then, at the VERY bottom right corner clicks "claim host" and enters the code. That's it. Waiting room must be turned OFF, and "join before host" must be turned ON. We have it set up so that no one can get into a room more than 15 minute before the meeting starts, which takes care of any potential conflicts.

 

NWSS_IT_Admin
Participant

Hi All,

 

I raised a ticket (#14280083) with Zoom in early May, when the OTP prompt first appeared. The Zoom agent confirmed that the OTP requirement had been "temporarily disabled". Here is the latest response (received May 30th):
"I can confirm that our team has temporarily disabled OTP globally as we re-evaluate the feature. For the time being, OTP has been removed on login. We aim for the best solution/configuration for all our clients, including yours and we do value your feedback.
 
Moreover, please know that Zoom users will be notified in advance once this feature goes live again. 
 
Also, please know that Zoom detects a suspicious login when a user logs in from a different country or device than usual, among other factors. While we're unable to disclose or provide additional information on how this security feature works. With that, please know that Zoom welcomes feedback from our users and I would recommend filling out our feedback form here: https://zoom.us/feed so our Product Team can review your feedback."

However, I have still received no satisfactory answer to my question "what constitutes a suspicious sign-in?" It seems that everything does! Also, if I enable VPN, then all my attempts at signing-in will be deemed suspicious. Basically, if Zoom re-enables OTP, then no-one will be able to use Zoom over VPN.  It seems as if Zoom has not really thought this through.

We had the OTP issue today (6/1/22), so it's not currently globally disabled and we received no notice that it was reactivated.

pjkundert
Listener

We're having issues across several accounts now, too.  Multiple people globally are responsible for maintaining a paid Zoom Webinar at various times during the day, and they can no longer log into maintain the session.

Subzer01
Listener | Zoom Employee
Listener | Zoom Employee

Hello,

 

With Client Release 5.9.0, Zoom added an additional security feature to protect the accounts of our customers. This feature is designed to avoid fraud and abuse. When attempting to log in from a different device/ location, Zoom will send a One Time Password (OTP) to the user's email.

If for any reason, you are having issues logging in because of the feature above, please contact support so they can investigate and provide solutions as necessary.
Support can enable their 2FA in order to bypass the security feature mentioned above so that users can temporarily log in to their account.

 

Thanks,

Allan

Hw can I contact support to tell them to disable ? I have a paid acct , but it says - Unfortunately, your account does not have access to live chat support or phone support

 

I cannot get into zoom when offsite because the emails never come.

 


Support can enable their 2FA in order to bypass the security feature mentioned above so that users can temporarily log in to their account.

This is confusing. What does it mean by enable 2FA? 2FA and OTP are totally different issues. We want to disable OTP. How does enabling 2FA achieve that? Can you please explain this better? Thanks.

Buttercup
Attendee | Zoom Employee
Attendee | Zoom Employee

OTP and 2FA are both used to verify that the person logging into the account is the person who owns that account.  Both are measures to prevent account hijacking.  OTP will not trigger if:

  • 2FA is enabled on the account
  • The user uses SSO
  • When logging in using Google, Facebook, or Apple ID

2FA can utilize either mobile authentication app and requires additional setup.

OTP is sent via email, and requires no additional setup.

If my answer was helpful or solved your issue, please remember to like or mark the solution!

[Deleted]

Buttercup
Attendee | Zoom Employee
Attendee | Zoom Employee

Can you clarify what you just said?  Your response indicates that NONE of the conditions are true.  OTP will not trigger if ANY of the conditions is true.  At least one condition must be true.

  • If you use email/password to log in, OTP will trigger unless 2FA is in use.
  • If you sign in through SSO/Google/Facebook/Apple ID, OTP will not trigger.

If you are experiencing otherwise, please put in a ticket.  Even better if you're able to include a recording of the process/steps that the user is taking when getting OTP when either of the above scenarios are true.

If my answer was helpful or solved your issue, please remember to like or mark the solution!

Sorry, my bad. I misread your comment. I have deleted my post.

 

So, basically, I think Zoom is suggesting that to disable OTP one should enable 2FA. This is not acceptable and shows a complete lack of understanding of our use case.

 

Yes, we are sharing about 20 paid accounts among 100 users. But we are not doing this in bad faith. Enough has been said about our use case and I will not repeat them here. Replacing OTP with 2FA will make Zoom equally unusable. I am sort of done here. I wish Zoom good luck. You created a good product. But now it's time to move on.

Buttercup
Attendee | Zoom Employee
Attendee | Zoom Employee

Please put in a ticket with your use case requesting an OTP exemption.  It's not about 'bad faith'.  We understand the frustration some customers are experiencing, and that there are specific use cases where OTP/2FA/other sign-in methods just aren't viable options.  

 

If you are on a Business+ account and have SSO available to you, we strongly advise using SSO for your authentication needs.

 

Sharing accounts unfortunately carries a whole host of security and privacy issues.  Officially, it's not supported and against TOS/AUP to share account credentials because of those security and privacy issues.

If my answer was helpful or solved your issue, please remember to like or mark the solution!


Officially, it's not supported and against ...


We are asking you to formally support it. We cannot build on this quicksand. Some months ago we were asked to open a ticket to disable OTP and we did that. It worked for a while before it was enabled again without any warning. About week ago OTP was disabled globally. Once again it was enabled without any notice.  

Would Zoom please let us manage our own security, as we already do with our very complex networks, servers and software tools? This OTP feature has been a step too far for almost all educational institutions, which must share accounts for very legitimate reasons.  I would be very sorry to have to leave Zoom, but this conversation is pointing outside.

2.14.0.0

I don't think you understand the issue that many Zoom customers have with OTP and 2FA. Both require access to the account holder's email in order to access a verification code. So neither will work.

 

There are many Zoom customers, like myself, who buy Pro license and provide the Zoom account sign in details to members of their organisation for perfectly legitimate reasons. In my case, it's because I am the IT admin for a charity who meet over Zoom frequently. If I am away (on holiday), someone else needs to start those Zoom meetings on my behalf. I am not unique in that requirement. There are organisations running online training courses who need to give Zoom account details to their trainers.

 

I raised a ticket on May 10th and was assured by a Zoom agent (on 30th May) that OTP had been globally disabled and that all customers would be notified before it was re-enabled. Well...just now I was prompted for an OTP passcode! So that was a lie then. If you like I can give you the agent's name and show you the thread as proof that I was lied to.

 

I also asked the agent "what constitutes a suspicious sign in attempt?" It appears that the answer is "everything"! Zoom's "security AI" suffers with short-term memory loss and extreme paranoia. I worked in developing AI for 35 years - give me a call for some simple tips on how to boost its IQ.

 

All you Zoom complaining and long-suffering customers should just abandon Zoom - switch to Microsoft Teams - much better, more secure, reliable and free for charities! At least Microsoft don't lie to their customers.

Agreed. Drop Zoom and move over to Teams. Don't even bother with a support call to get your account relieved of this inconvenience. They just grill you over and over about why you need to have it removed.

 

The OTP change has made the product all but unusable in our church for all the same reasons offered around use in education. With their brainless confusion of suspicious login, OTP and 2FA, they have created a 'heads I win, tails you lose' situation.

 

Well, Zoom, you lose.

Serious question: So why cant zoom do what google & many other software companies do by sending an email that mentions a security concern?

This sounds like a money making measure dressed in "security measures" clothing.

It is a major issue for many education based business as per comment here and zoom disabled, then re-enabled without any notice. a very poor customer experience (feedback). 

I think that is the bottom line here.  Profit expectations down from a high during COVID; this is purely a money-making change which they think will result in higher profit. Instead, it will just cause more businesses, churches, schools, etc., to drop Zoom. All of the goodwill Zoom developed during the pandemic has now been squandered on a short-sighted change in corporate thinking which just will give them a bad name and loss of customers. I had to cancel a meeting hosted by Zoom through eventrbrite ON THE NIGHT of the meeting due to this unannounced “upgrade”. The meeting had been planned months before this change took place, and we had no warning, just disappointed customers!

Possible workaround: It looks like the account will allow me to change email. So I'm going to try making a new gmail to use specifically for the zoom account, only for receiving the OTP and zoom communications. Then I will set up email forwarding to my personal email and the emails of the 5 class assistants I have who sometimes open the zoom meeting. That way they can still open the meeting if I'm driving or something. 

This feature has caused me major headaches with my guitar group and movie groups, the major reason I have and use Zoom.  I occasionally can't make it and gave the code for just that evening.  We've always done it this way and if we can't continue, I'd like a refund and I'll find another platform as this new "security" feature is making your product useless to me!

If you submit a ticket to Zoom indicating the reason the 2FA and OTP security measures do not work for your organization, plus the following statement, it will be escalated to Tier 2, where they should be able to disable your security settings: 

I understand and acknowledge that disabling One Time Password for my account may lead to an increased account security risk, including the risk of account takeover.  Notwithstanding this risk, I am requesting that OTP be disabled for my account.’

Similar problem.

 

Our church Zoom account uses the church administrator as account owner and email address.  EVERY time someone needs to use the Zoom account they are requested to enter in the OTP code which has been sent to the church administrator email address.  We are away to cancel our Zoom account and go elsewhere.  And by the way it does not prevent fraud and abuse.  Way to go Zoom.

Hi KenMavor

Did you try to get Zoom to disallow the OTP?  Start a ticket? Talk to anyone?  Our church admin spoke with a Zoom rep yesterday, who said she'd have to take it to her supervisor.  We're cautiously hopeful. 

 

Honestly, I don't think this about 'security' at all.  Zoom must realize that people don't have 24/7 access to the licensed account email, and that many Zoom meetings are taking place even outside the office./office hours.  Many churches/nonprofits cannot afford to have a license for every discrete individual who legitimately use the organization's account.  So very short-sighted on Zoom's part.

 

I wish you good luck.  

Same here. This is causing loads of problems with our church group too.

 

Cannot login from an unrecognised location/device without the code and only one person (not hosting the meeting, not even in the location) gets the code. O so unhelpful.

 

What is completely bizarre about the way it works is:

 

  • Zoom decides all by itself if it thinks something is suspicious
  • 2FA is TURNED OFF in the account settings
  • and Zoom still decides all by itself when an OTP is needed
  • so you cannot predict when it will ask for the code
  • and your meeting/event/service is completely disrupted

So the admin or user has no control over how this works. I've never encountered a more poorly implemented security measure in a software product. That's because it isn't a security measure at all.

 

Zoom GO BACK TO SCHOOL and learn how to produce software!

 

It is a 'Netflix' approach to crack down on password sharing - obviously. Except Netflix were honest about their problem and how they hoped to fix it. Very poor Zoom. We are not pleased.

 

Fix this, or the very clear solution is to use a different video conferencing tool. There are lots of alternatives. And we yes will cancel the subscription. 

How does a temporary solution work if we need various hosts being able to log in on a regular basis and none have access to the email where the codes are sent?

 

Our admin set up a separate email to serve as the login for one of our organization’s licenses.  It’s not the main organization email and used only for Zoom.  The people who use Zoom in our organization have access to this email account and can pick up any OTP request.  Works so far. 

We have the same problem, and our 2FA is off. And we're still getting the same issue with the request for OTP. The email is usually unchecked because we're one organization but have several authorized users who don't have access to the email.

Hi Allan

We do also find this feature very annoying. You must understand that a university using zoom for teaching includes usage of multiple computers

 

Cheers

Valgeir

This is about Zoom responding to unprecedented profits by creating barriers for small non-profits to increase revenue. If it was about protecting against users accounts getting hacked, users would be able to disable the feature. This is simply about Zoom corporate greed.

Hi.

Why in the world was it not possible to allow all computers within the same organization? Give us the option of whitelisting IP range. Last 12 months, we had 50299 zoom meetings and 98 webinars. We have been using Zoom for larger conferences but after the verification code failing last Friday resulting in locking my account 5 mins before conference, we are seriously considering Teams instead as we already are large users there as well.  So, this "detection" of another location is total failure as it happens in all our classrooms. Do you still want us as customers, IP whitelist thank you

 

Valgeir

Hello, 

 

We need to disable the verification code too, since we have a large number of users (teachers) that have to use the same Zoom account daily. The verification code causes a lot of delays and we need to disable this feature urgently. How can we contact support to disable the verification code?

 

Thank you for your time. 

 

 

Hello, 

 

Perhaps you could attempt to listen to the concerns raised by this user and the multiple others that have expressed very clearly that this feature is causing harm rather than benefit. 

 

My admin assistant books meetings on my account. When he logs in to zoom on my account, he receives a request for a one-time code. The code is sent to my email and I have to respond to him within 10 minutes in order for him to proceed. This obviously doesn't work because I am busy. 

 

In the numerous responses to this issue there are references to 2FA or some other complicated and user unfriendly solution. The reality is that these are not not practical and most will follow the advice provided by one of the users in this email train. Specifically, they will set up a dummy email address so that both the user and the admin person that books the meetings can check the one-time password. 

 

This is clearly frustrating for users. Perhaps this annoying and unnecessary feature could be eliminated. I would literally rather have Russian hackers abuse my account than deal with the irritating one-time password on a biweekly basis. I'm also not a fan of setting up a dummy account. Given the number of annoyed users on this thread, it seems pretty clear that many others agree. 

Hello - I am also being asked to put in the Verification Code.  However, I use a strange email server (Thunderbird), and it sometimes takes so long for the email to show up, the time has expired for entry of the code.  This can make scheduling meetings or starting meetings a long process. Can I have the code texted to me?  

 

OK, and question was how to turn it off? Thank you.