Traditional authentication schemes see users needing to create, and remember, separate login details for each service or system they use. With the average organisation using over 1000 distinct cloud services, the burdening of users to remember countless different passwords raises the security risk through password re-use, or the increasing use of less complex passwords as users become fatigued with their overwhelming number of credentials. Further, these credentials are most often stored in an abstracted, remote datastore that is unique to each application or service; there must be an implicit trust that the service is correctly and securely storing these passwords, and that any compromise is disclosed quickly enough to act.
The COVID-19 pandemic, and the ever-increasing number of employees shifting to remote work has seen explosive growth for Zoom’s platform. This growth has come with heavy scrutiny of Zoom’s security posture; organisations and government agencies have seen their private Zoom meetings infiltrated by unauthorised attendees, and enterprise IT teams tasked with hastily standing up their whole organisation for remote work. Media headlines - whilst attention (click) grabbing - in some cases barely use the facts as inspiration.