Two-factor authentication (2FA) is a two-step sign-in process that requires a one-time code from a mobile app or text message in addition to the main Zoom sign-in for users with the work email (email and password) login type. This provides an additional layer of security since users will need access to their phone to sign in to the Zoom web portal, desktop client, mobile app, or Zoom Room.

Admins can enable 2FA for users, requiring them to set up and use 2FA. Admins can also reset an existing 2FA setup if a user has lost access to their 2FA app. 

Note: If two-factor authentication is disabled, users with a work email login type are required to enter a time-based one-time password (OTP) sent to their email if Zoom detects an unusual login from a different country or device than normal.

This article covers:

• How to enable 2FA (admin)
• How to reset 2FA for a user
  • Reset two-factor authentication for select users
• How to set up 2FA (user)
  • Use two-factor authentication through the authentication app
  • Use two-factor authentication through SMS
• How to sign in using 2FA (user)
• How to sign in using a 2FA recovery code (user)
• How to edit your 2FA setup (user)

Prerequisites for two-factor authentication (2FA)

Enable 2FA

• Account owner or admin privileges
• Pro, Business, Education, or Enterprise account

Set up and use 2FA

• Phone number that can receive SMS; or
• Android or iOS device with a 2FA app that supports Time-based One-Time Password (TOTP) protocol. The following apps are recommended:
  • Google Authenticator (Android, iOS)
  • Microsoft Authenticator (Android, iOS, Windows)
  • FreeOTP (Android, iOS)
• Zoom desktop client for Windows, macOS, or Linux: Global minimum version or higher
• Zoom Rooms for Conference Room for Windows or macOS: Global minimum version or higher
• Users with the work email (email and password) login type

How to enable 2FA (admin)

You can enable two-factor authentication for all users in your account, users with specific roles, or users in specific groups.

1. Sign in to the Zoom web portal as an admin.
2. In the navigation menu, click Advanced then Security.
3. Under Security, click the Sign in with Two-Factor Authentication toggle to enable or disable it.
4. If a verification dialog appears, click Enable or Disable to verify the change.
5. Select one of these options to specify users to enable 2FA for:
   • All users in your account: Enable 2FA for all users in the account.
   • Users with specific roles: Enable 2FA for roles with the specified roles.
     Click the pencil icon , select the roles, and click OK.
   • Users belonging to specific groups: Enable 2FA for users that are in the specified groups.
     Click the pencil icon , select the groups, and click OK.
6. If user roles or groups were specified, click Save to confirm the changes. 
   Note: You can share the instructions to set up 2FA with your users.

How to reset 2FA for a user

You can reset a current 2FA setup if a user lost access to their 2FA setup. For example, they misplaced their device, uninstalled the 2FA app, or removed Zoom from their 2FA app.

1. Sign in to the Zoom web portal.
2. In the navigation menu, click User Management then Users.
3. Click the Email/Name ID of the user you want to reset 2FA for and go to their profile.
4. Under Sign In, find Two-factor Authentication and click Reset.
   The next time the user signs in to Zoom, they will be prompted to set up 2FA again in the web portal.

Reset two-factor authentication for select users

1. Sign in to the Zoom web portal.
2. In the navigation menu, click Advanced then Security.
3.  Under Security, click Reset two-factor authentication for select users in your account.
4. In the Reset two-factor authentication dialog box, enter the email address or username that you want to reset.
   Note: All of the selected users' configurations will be reset.

5. Enter your password to reset the two-factor authentication.

6. Click Reset for ___ User(s) to confirm.

How to set up 2FA (user)

If your Zoom admin has enabled two-factor authentication (2FA) for you, you need to set up 2FA when you sign in to the Zoom portal.

1. Sign in to the Zoom web portal after your admin has enabled 2FA.
2. Select Authentication App or SMS as your authentication method.
3. Follow one of these sections depending on what you selected:

Use two-factor authentication through the authentication app

1. Open the 2FA app on your mobile device.
2. Tap the option to scan a QR code. Look for a camera or QR code icon.
3. Sign in to the Zoom web portal to get the QR code.
4. In the navigation menu, click Profile.
5. Under the Sign In section, to the right of Two-Factor Authentication, click Turn On.
6. Enter your password to turn on two-factor authentication.
7. Click Next.
8. To the right of Authentication App, click Set Up.
9. Re-enter your password, then click Next.
10. Scan the QR code using the 2FA app on your mobile device.
    The 2FA app will generate a 6-digit, one-time code.
11. Click Next.
12. Enter the 6-digit code, then click Verify.
    Zoom will display a list of recovery codes. If you lose your mobile device, you can use a recovery code instead of a generated 6-digit code to sign in.
    Note: If you aren't able to verify the code. Click Back to display the QR code again.
13. Click Download or Print to store the recovery codes. Each recovery code can only be used once.
14. Click Done.

Use two-factor authentication through SMS

1. Select a country code for your phone number.
2. Enter a phone number where you will receive 2FA codes. Do not enter any hyphens.
3. Click Send code.
   Zoom will send a 6-digit, one-time code to your number.
4. Open the SMS sent by Zoom.
5. Copy the code in the SMS, then paste it in the Zoom web portal.
6. Click Verify.
   Zoom will display a list of recovery codes. If you lose your mobile device, you can use a recovery code instead of a generated 6-digit code to sign in.
   Note: If you aren't able to verify the code. Click Back then try again.
7. Click Download or Print to store the recovery codes. Each recovery code can only be used once.
8. Click Done.

How to sign in using 2FA (user)

1. Sign in to the Zoom web portal, desktop client, mobile app, or Zoom Room.
   If you set up 2FA using SMS, click Send code.
   Zoom will ask for the code generated from your 2FA app, or the code sent to you using SMS.
2. Open the 2FA app on your phone or view the SMS from Zoom.
3. Enter the 6-digit code displayed on the 2FA app or SMS.
4. Click Verify.

How to sign in using a 2FA recovery code (user)

If you no longer have access to your 2FA codes (for example, you misplaced device, uninstalled your 2FA app, or removed Zoom from the 2FA app), you can sign in using a recovery code you obtained when you set up 2FA.

Note: You can also contact your admin to reset your 2FA setup. When you sign in to the Zoom web portal, desktop client, or mobile app, you will be prompted to set up 2FA again. 

1. Sign in to the Zoom web portal, desktop client, mobile app, or Zoom Room.
2. Click Enter a recovery code or Enter a Recover Code instead.
3. Enter one of the recovery codes you obtained during setup. Each recovery code can only be used once.
4. Click Verify to sign in.
5. (Optional) If you lost access to your 2FA device, edit you existing 2FA setup to add a new device.

How to edit your 2FA setup (user)

After setting up 2FA, you can edit your existing setup if you want to remove a device, set up 2FA on another device, or view recovery codes.

1. Sign in to the Zoom web portal. 
2. In the navigation menu, click Profile.
3. Under Sign In, in the Two-factor Authentication section, use these options to set up 2FA on a new device or remove an existing setup:
   
   • Authentication App
     • Set Up: Set up 2FA using a supported 2FA app. This option is only visible if you don't have an existing 2FA setup that uses a 2FA app.
     • Change Device: Set up 2FA again using a supported 2FA app. This option is only visible if you have an existing 2FA setup that uses a 2FA app.
     • Remove Device: Remove the existing 2FA setup that uses a 2FA app.
   • SMS
     • Set Up: Set up 2FA using a phone number that can receive SMS. This option is only visible if you don't have an existing 2FA setup using SMS.
     • Remove Phone: Remove the existing 2FA setup that uses SMS.
     • Recovery Codes: Click View Codes to view a list of recovery codes.