A big thank you to loyal reader Karen Bowden who alerted me to a recent change in Webex security for session hosts.
BACKGROUND: When you schedule a Webex Meeting or Webex Event, the system creates a 6-digit “host key.” Having that key allows a participant to take control of the session -- starting it early, changing configuration options, and assigning role authority levels to participants.
In the past, the host key (and meeting password, if used) has always been included in the confirmation email that gets sent to the host who schedules the session in Webex. Then if the named host or session administrator wants to turn over the reins to somebody else (like a third-party moderator or a backup co-worker), they just forward the email and that person has all the info they need to take over and run things.
Cisco must have felt that this was a little too open and convenient. If that email gets forwarded (by design or confusion), any other recipient also has everything they need to grab control of the session.
NEW BEHAVIOR: The confirmation email no longer contains the 6-digit host key (or meeting password) in the body of the message. Now there is a line saying “If you are a host, click here to view host information: https://xxx.webex.com/xxx/…”
The link indeed takes you to the main meeting information page, which includes the host key. But you need to have a host login on that Webex account to get to it. So it keeps the information safe from random people who get the message in error.
This could create a problem for legitimate cases where a host or admin wants another party to take over the role of host. So you may need to update your process flow to look up the host key when scheduling a new web conference and then communicate it to your preferred moderator or session host. Texting it to them might be a slightly more secure methodology than emailing.
It’s worth noting the change, as third-party hosts could easily find themselves ignoring the email until event day, secure in the knowledge that they have the host key in the message, only to panic at the last minute when they realize it’s no longer included and they can’t log in to the meeting information page.
