The telephone dial-in option should've been separate - if the user chooses to enable it then they can fall back to shorter IDs, while meetings that don't need it (or where it doesn't make sense anyway - screen shares, presentations, etc) would use longer, more secure IDs.
As we've used it at work, the phone dial-in option is the backup plan -- useful when people can't set up their computer's microphone correctly, or lose Internet access for whatever reason.
The "just works" nature is why Zoom is popular. No one wants to have every meeting start with "Is Larry here? Oh, I think he's trying to dial in. I'm going to cancel this meeting and send out a new ID so he can dial in. Everyone watch for that so you can reconnect."
You could even include the option to get approval - pop up says "Mx. Caller ID is calling from 555.555.5555. Approve?" Obviously there's no way to get in through random dialing. And if you get a pile of requests, provide a way to filter incoming numbers and disable the calling ID as soon as everyone is in.
That's even assuming that anti-DOS protection on the phone line is impossible.
Even if the phone dial-in ID would be enabled by default (which isn't what I am suggesting), the extra latency and cost of brute forcing them over the phone network will make these attacks much harder.
I've always preferred conf systems with a call-me-at function better anyway. With most lines, sign in over phone is a horrible waiting game where one missed digit means sitting through instructions for another minute.
Could you not use a telephone intent, where the meeting ID is the suffix to the dial in number with commas for any necessary pauses? Skype for business meeting invites have this. Zoom might then support inviting mobile phone conference participants using SMS, containing the link (think weak 2FA).
The most secure computer is a non-networked standalone box sunk in concrete, hidden at the bottom of a deep sea trench. It is not, however, very usable.
Yes. If you're in a conference room and it's not a Zoom Room(tm), or has a Cisco system, or whatever, you have to use the conference phone. You might be able to tell the Zoom meeting host to call the conference phone and bring it into the meeting, but it'd be easier just to type the ID in (unless it was really 128 char, but then that'd give people a reason to buy new conference hardware I guess).
Also if you don't want to install the Zoom client, you can just dial in from your cell phone or desk phone.
When I did consulting, almost every meeting had at least one dial-in. If you didn't include a dial-in, you'd be guaranteed to either get a request to add one, or you'd get people who didn't show.
There was always:
1. someone who was on the road - a traveling consultant or someone in sales
2. a client or potential who called in because of the same, or because they don't sit at a computer all day and/or don't have a headset for their computer.
3. People in a conference room
4. a client who sucks at computers and dials in because they can't figure out how to install the latest version of CiscoGoToZoomMeetingWebEx.exe in IE8 on their macbook.
I've been working from home since before the lockdown in my country. Since the lockdown, the number of online meetings that I have in a day has tripled. I think in about 2-3 meetings a day I have problems with microphone/hearing, and end up dialing in from my phone. This is normally for Skype for Business meetings.
The same tends to happen with a few colleagues ... Some anecdote.
Far greater than you would expect, I think. This is anecdotal, but we're an admittedly small company (~20-25 employees) and all of our interactions with other companies (clients) are either direct line-to-line or if we do a conference call, we all call in over the phone. Many of the companies who send us WebEx or join.me or Hangouts Meet or whatever invites only send the phone number even, not even bothering to give us a link (and if you go to the room manually in your browser, you're the only one actually connected via computer)
I call in for every meeting I can. My hearing is poor; the sound quality on the computer just isn't good enough for me. Then add in that my computer is heavily loaded, so its ability to encode/decode sound is degraded.
I have a high quality desk phone on a land line (admittedly, VOIP from FIOS, but not via my computer) and I will fight tooth and nail to keep it.
All that being said, I'm comfortable typing in an arbitrary length password on my phone. All I ask is that it be formatted to make that easy (groups of 3-4 numbers with spaces).
Working in global research, 40% of our ROW (rest of world) sites and vendors use landline or cell phones to join our meetings, depending on their institutional security and IT settings.
My husband is a market researcher, and is now conducting market research over Zoom & other platforms. The first thing he does is have _everyone_ dial in. It's been a major help in reducing latency and dropped packets, which in turn has a majorly positive effect in getting strangers to be able to talk normally with each other. It helps prevent the "you go no you go" as latency allows people to unknowingly step over each other.