Spotify Community

Hey there @ReeceN and @WareNetwork2000,

Thanks for reaching out to us.

We take security very seriously. In order to avoid potential issues, we might reset an account's password.

Don't worry! Here you can choose a new password. Then you can log in with your new password and enjoy your favorite jams.

Tip: You can also log in to your account page, scroll down, and select SIGN OUT EVERYWHERE as additional step to secure your account.

Hope this was helpful for you. If you have questions, you know where to find us.

Yeah I am having the same problem. Spotify has reset my password twice in the past weeks now. I am slowly running out of passwords. I am travelling frequently and this is just silly. Especially, because they are not providing a clear reason why they feel like resetting my password.

Please stop this practice, it is not particularly useful from a security perspective and likely even harmful.

Hmm It really cool that I also received the email today, and It makes me confused because:

1. If "suspicious activity" really happen, how can I check when and what IP that make "suspicious activity" happened?
2. I use my Facebook account to create Spotify account and login without set another password for spotify. If "suspicious activity" really happen, how can it happened without triggering Facebook's security detection?

I just got the email everyone’s talking about today around 3am, so I googled it and found this post. Usually when an account of mine has suspicious activity it’s because of phishing, too many failed password attempts, or someone trying to log into my account that knows me. And I know bcuz the emails I get from other apps I am using that need me to reset my password are way more specific as to why my password needs to be rest, than the Spotify email. I love Spotify. I don’t care about changing my password. If I forget I know my email login, not tripping. I also didn’t leave my house yesterday, so it’s not bcuz of my location. I’m not logged in anywhere else. So no, I don’t think Spotify changed the issue. Btw- I also think it’s bizarre that Spotify would log someone out due to location, ON YOUR OWN PHONE. No other app I have does that? Only credit cards?? 😂

I'm convinced that Spotify also has some stupid AI in the background analyzing our behavior and then seems to decide from this whether it was "suspicious" in any way ...

I think that because I wrote my own Spotify UI using their WepAPI to play music and create new playlists.

Every week I use this tool to go very quickly through a huge playlist of new release to find the few songs I like. I mostly play the first song of each album/single only for a few seconds to decide if the song or the whole album would be interesting.

And for the last couple of month exactly that seems to trigger those password resets. I get this mail almost every week now, exactly the day after I used my tool.

I even changed the day of week for this "procedure", and it's still happening exactly the day after.

So please, Spotify, change your behavior analysis. This is really getting annoying. Especially since it's just ME using Spotify to create a new playlist out of the weekly new releases.

There is nothing suspicious or illegal about it!

5 months free getting the same to change my pass every 4 days.

I tested premium with my cc for 2 months and the pass i changed it to a pwned email with pass. So long had my cc info from a preview hacked mail and they never sent anything like change my pass... (very professional).

When returned to regular and had removed my card.... here we go... again the same.

In a sub reddit a former employee admitted it is like a blackmail tactic to go premium. the sub vanished under spotify request. They can keep blackmailing but i changed to Deezer and is much better their free plan.

Asking users to change their password and not allowing them to use one of previous passwords (usually the past 5 passwords) are common and best security practices. Many reliable and secure systems like banking systems would ask their users to do the same thing if they find suspicious activities on users' account.

Spotify could provide more information on the suspicious activities; however, that could lead to some security issues. Let's say someone hacked into your Spotify account and was able to change the email address to their address. When you try to login back to your account that has been compromised, do you want Spotify to send your location to the bad guy's email address? No. Also, when your account is compromised, it's likely that your linked accounts like email account are  compromised as well since many people tend to use the same password for multiple accounts; so Spotify can't trust those accounts and send too much information to them.

I got the same email from Spotify today and I know the frustrating but Spotify is just trying to protect our accounts as well as our information.

I've begun getting these same emails constantly for the past few months with no reasoning or explanation. The only think I can think of that triggers it is that I sometimes forget to turn my music off so it keeps playing one album or playlist all night. If the simple act of forgetting to turn off my music, which I know many many people find themselves doing as well, is enough to mark my account as "suspicious," then what is even the point of using Spotify.

The only other 2 possibilities I can think of is that 1) I only recently begun using this account again after many years because I was mainly listening to music through YouTube. Or 2) that this account has been using the free plan for too long showing I don't intend on switching to premium, so now they're trying to bully my into it.

There hasn't been any other log in on my account besides my phone and my laptop and there is no specification. If this were a more urgent service, like a Bank account, then I can understand this method of security emails, but since it's just streaming music on a free account, there is no need for it to be so cryptic and so overly sensitive to simply using your account in the first place. And if they really did think their service so important to need such a vague security method, then they should've enabled 2 factor authentication a long time ago as well as being able to mark a device/IP address as safe while needing to authorize unknown ones.