Skip to main content

Keep Zoom Meetings Private and Reduce the Odds of Zoombombing

Zoom's privacy and security settings help reduce the possibility of unknown or unwelcome attendees joining, because if someone sneaks in, they could listen, capture screenshots, or disrupt the meeting with unwanted video or audio.

If someone you don't know joins your meeting, instructions are available below to Remove a Participant.

This article applies to: Zoom


The following measures will increase the security of your Zoom sessions and reduce the chance of unwanted attendees ("zoombombing"). We recommend using as many of these options as you reasonably can without impacting your meeting operations. If you are discussing any sensitive or confidential information in your meetings, these measures become that much more important.

New Security Icon Options for Meeting Hosts

Beginning with Zoom version 4.6.10, the Zoom client application offers a Security icon. This feature collects a set of useful options in one place for security-conscious hosts.



Hosts can toggle the following options on or off during meetings. Active features are identified with a checkmark. Clicking an active feature again toggles it off.

  • Lock Meeting
    When a meeting is locked, no new participants can join—even if they are authorized users or have a password. See more below.
  • Enable Waiting Room
    When this option is turned on, participants are placed in a virtual waiting room until admitted by the host. See more below.
  • Allow participants to:
    • Share Screen
      Turning this option off prevents participants other than the host from sharing their screens.

    • Chat
      Turning this option off prevents participants other than the host from using the Chat feature. 

    • Rename Themselves
      Turning this option off prevents participants from renaming themselves in the meeting.

    • Annotate on Shared Content
      Turning this option off prevents participants other than the host  from using annotation tools such as Draw, Stamp, Spotlight, Text, and Erase when screen sharing is used.

  • Remove Participant
    Dismiss a participant from the meeting. The removed individual cannot rejoin the meeting unless you have enabled Allow Participants and Panelists to rejoin in your account settings.
  • Report
    Report abuse directly to Zoom. Please continue to report abuse during Cornell Zoom meetings to zoomsecurity@cornell.edu as well.

In addition to using the Security icon menu to control meetings, consider setting the following options when scheduling meetings:

Enable the Waiting Room Feature

The Waiting Room feature allows the host to control when each participant joins the meeting. As the meeting host, you can admit attendees one by one, or hold all attendees in the virtual waiting room and admit them en masse. This requires more work by the host, but only allows participants to join if you specifically admit them.

Disable Join Before Host

If you are scheduling a meeting where sensitive information will be discussed, it's best to leave Enable join before host (found under Meeting Options when scheduling a meeting) turned off. Visit Zoom's Join Before Host help page for more information.

The Join Before Host option can be convenient for allowing others to continue with a meeting if you are not available to start it, but with this option enabled, the first person who joins the meeting will automatically be made the host and will have full control over the meeting.

Another option is to assign an Alternative Host.

It's still possible for a meeting to start without you (the host) even if Join Before Host is disabled. If you have given someone Scheduling Privilege, which allows them to schedule meetings on your behalf, then when that person joins a meeting before you, the meeting will begin and they will be made the host. This is typically not a problem, as the recommendation to disable Join Before Host is based on preventing unwanted/uninvited participants from hijacking a meeting. After you join, the role of Host can be reassigned to you.

Meeting Passwords

It's recommended that you set a password for your meetings and webinars. In your account settings, you can control the default settings for the meetings you create, and when scheduling meetings, you can control the password settings for that particular meeting. 

Account-wide Password Settings

In your Zoom account settings, consider activating:

  • Require a password when scheduling new meetings

  • Embed password in meeting link for one-click join
    When this is turned on, the link you send out has an encrypted version of the password included, so attendees can join immediately without entering the password or going into a waiting room.

Be aware that anyone who has the full link with the encrypted password can join your meeting, so you should still not share a meeting link publicly, particularly on social media. This is still a good protection against malicious users who use "war-dialing" (automated software that scans random meeting numbers) to attempt to join and harass meetings.
  • Require password for participants joining by phone
    If your meetings may have attendees joining by phone, consider requiring that they use a password as well. If you do this, you will need to provide the password to them separately from the meeting invitation.

Require a Password for Meetings

When scheduling a meeting, select Require meeting password, then specify a strong password. (A strong password is at least eight characters long and uses at least three of the following types of characters: lowercase letters, uppercase letters, numbers, symbols.) 

Attendees will need to enter this password to enter the meeting. You'll need to communicate your password to them, or use one known by them already.

As mentioned above, if you have turned on Embed password in meeting link for one-click join in your account settings, passwords will be encrypted within the join meeting link and participants can join without entering it.

Limit Screen Sharing to the Host

By default, screen sharing in Zoom meetings is limited to the host. You can change this if you need to allow other attendees to share their screens. If you make this change and decide to return to having screen sharing be limited to the host, while in your meeting:

  1. Click the up-arrow next to Share Screen.
  2. Select Advanced Sharing Options.
  3. Under Who can share, click Only Host.

This won't be appropriate when multiple participants will need to share and collaborate, but this restriction prevents unwanted attendees from interrupting the meeting with intrusive sharing.

Meeting Security When Scheduling Zoom Meetings Using Your Outlook Calendar

If you add a Zoom meeting to your calendar or create a Zoom meeting in your calendar using the Zoom Outlook Plug-in, note that the calendar entry may include the Zoom meeting password. If you have set up your calendar so that it is open for colleagues to view the details of your meetings, this can expose the password to anyone who views your calendar. You can protect the password by making the calendar entry private or editing the entry to remove the Zoom meeting password.

Remove a Participant from a Zoom Meeting or Webinar

If you have already begun a session and find an unwanted attendee has joined:

  1. If the Participants panel is not visible, click Manage Participants at the bottom of the Zoom window.
  2. Next to the person you want to remove, click More.
  3. From the list that appears, click Remove.

Lock Your Session

The recently added Security icon menu lets hosts quickly and easily lock a meeting by clicking the option there. When a meeting is locked, no one can join, and you (the host or co-host) will NOT be alerted if anyone tries to join, so don't lock the meeting until everyone has joined.

Zoom hosts can still lock the meeting using the Zoom Host Controls as well. Once all your attendees have joined,

  1. If the Participants panel is not visible, click Manage Participants at the bottom of the Zoom window.
  2. At the bottom of the Participants panel, click More.
  3. From the list that appears, click Lock Meeting.

Unlock the meeting following these same steps.

If Zoombombing Abuse Does Occur

You should be aware of the emotional impact online abuse can have. Imagery that shows the violation of basic human rights (of adults or children) or targets a community is deeply troubling and can be traumatizing. Re-traumatization of victims of sexual violence, assault, or discrimination is also possible. There is also a risk of inappropriate exposure to children who are in the home environment of the remote worker. If an event is intended a child audience, consider recording the program instead of having it live.

If online abuse does occur (regardless of audience), do not pretend that it didn't and power through the meeting—or even advise participants to simply to look away. Rather, end the meeting swiftly and report the incident to Cornell Zoom Security at zoomsecurity@cornell.edu.

Then, follow up with the participants to:

  • apologize for the abrupt ending;
  • indicate what steps are being taken to prevent reoccurrence;
  • express care and concern for the participants; and
  • offer mental health resources that are available.

Was this page helpful?

Your feedback helps improve the site.

Comments?