Why is 2FA still not a thing in 2020?!


So I had to change my unique password for Spotify the fourth time since I decided to buy the premium and I'm really annoyed with the way hacked accounts/paying customers are treated with the lack of safety of their accounts which people put their credit card information into.

My big question is: Why in the blue heavens is 2FA for Spotify still not a thing in 2020?!

I know that I'm not the only one wondering why it isn't implemented by now.
Like I said I had to change it the fourth time now. Every password I had for Spotify I created for just Spotify alone and I keep getting those Low-Fi songs in my Recently played list.
But why? I'm a Rap & Hip Hop listener!
Why would I listen to that if it's not for me. I don't know the bands/producers, I'm not into that genre of music and I don't want anything to do with it.

I know for a fact that I don't get on those songs by accident or whatever reason you could pull out. I ALWAYS listen to the songs I favorited, so it would be impossible to get to that music in the first place.

So what does that mean? Well I have to assume someone got into my account right? I've checked that no other devices are connected aside from my PC and phone and forcefully disconnected any devices multiple times, but it keeps showing me those songs after a while, then I change my password, it stays away and then those songs show up again.

I'm absolutely annoyed that there is nothing I can do to secure my premium account, which I pay for, other than changing my password.
Since when is it the job of the customer to make sure their accounts are safe and do the necessary precautions to somehow fight an invisible bad guy which maybe got your information already and you can't do nothing else than change your password again?
It isn't and especially it shouldn't.
There is 2FA for everything right now and for a good reason. You guys would be a lot less "busy" with hacked accounts if you implemented a secure system for 2FA. But why bother right?

I'm fully aware that this might be fully ignored or some dumb "automatic-reply-bot" answer getting posted. Trust me I saw the post on here from 2015 where the people from Spotify replied in 2017.

If I get a response back I hope it's a solid one because if I see that it basically contains the meaning that 2FA can't be implemented right now then I'm **bleep** and cancel my premium that day or even sooner, depending on how long a reply is gonna take.

Not gonna lie, I like Spotify but the lack of security and reading about countless people getting their account hacked or credit card information messed with is not gonna keep me here until 2021 if this keeps getting ignored.
Account safety should be one big priority for a subscription service, especially with all the hackers around the world attacking governments, news stations, websites and whatever else. Do we really need another PlayStation Network hacker attack to prove that this is no laughing matter in 2020?

So my final words here before a TL;DR is gonna be:
Please get your head in the game and catch up with your account security flaws because there are enough accounts hacked already.

Edit before posting: putting 2FA in the labels is not available here? Are you kidding?! (Screenshot attached)


TL;DR - 2FA still not implemented, getting random songs in Recently played list, 2FA being everywhere except here, and nothing you can do about people in your account, which you pay for and have no security over, other than changing your password. Also being aware that this might be ignored and that I don't want to see a reply saying 2FA can't be implemented right now.


Spotify says it's under consideration.

For how long? Who knows. 🤣

One of the largest online streaming music companies on the planet, still not providing the bare minimum of security. Unbelievable and lazy. If their excuse is that it is too complex to enable as Spotify runs on so many platforms, then they should at least provide it as an option. It should be a pre-requisite that if a company holds your financial information they should have to provide 2FA. 

I've seen a number of arguments about it being too much work to deal with 2FA on every log in. I can only guess that that is why 2FA is still "Under Consideration" after 5 years, but that argument is completely nullified if Spotify just makes the extra account security optional (e.g. Discord, Steam, Epic Games Store)

I've had to change my password twice in the last two months because there have been logins from Brazil. I'm from the UK. I've been a member for almost 10 years now and this is making me want to look into other platforms. Please implement 2FA

Exactly! Why doesn't Spotify have 2FA? I've people going into my account to play their own music so they can earn money from it and it's ridiculous. Absolutely ridiculous. Spotify better get their heads up, else I'll move to Apple Music.

Totally agree. Every basic app has 2FA these days. You're the global music streaming market leader, what's the hold-up Spotify? What's the motive for not enabling it so far? Better Spotify usage stats? I have been using Spotify for years and love it, but will move to a different service if my account gets logged into by a stranger again.

Please enable 2FA to increase security ASAP. An overview of 'trusted/known' devices would also be a great addition imo. Thanks.

I absolutely agree. The fact that this post hasn't gotten any more attention or at least a comment from an actual Spotify employee is saying quite a lot. Especially because it was written with great care and detail. Someone actually spent the time giving you feedback, Spotify. Please acknowledge that.

Hey everyone,

Thanks for sharing your feedback and concerns.

We want to reassure you that we've passed them on to the right folks and that the security of your accounts remains our top priority. The development team is constantly looking into new ways to increase the protection of our users and two-factor authentication is one of the mechanisms under consideration.

We recommend that you head over to the idea that requests the introduction of this feature and +VOTE for it. We'll inform on any developments there, as soon as there are any. So make sure to subscribe, if you haven't already.

In the meantime it's a good idea to check up on our tips on how to secure your account in this Support article.

Hope you find this useful. Keep us posted if you have any questions.

 

Have a nice day!

Mihail Moderator

After this issue has been opened for 2 years now, I don't have high hopes that this will actually be addressed.

 

Please pass on that the lack of this feature is keeping customers like me from subscribing to your service. And I imagine there are many more like me.

Hopefully that isn't what they said. Xbox has 2FA, Sony, anything that runs your information for the most part has 2FA. Spotify is the only service I use without it and I refuse to give them my card numbers for Premium until I get 2FA. It baffles me people spent money on Premium when obviously people have access to the list of premium accounts since I know of a community through a friend where they use premium accounts to listen to ad free music.

"We want to reassure you that we've passed them on to the right folks and that the security of your accounts remains our top priority."

 

But it is still under consideration.
Where is this "top priority" you speak of?

As someone who has seen randomly liked songs on their Spotify account, I desperately want 2FA.

 

I check occasionally to see if Spotify has finally added this, and still see it's under consideration for years... YEARS!

 

I think we would all want to hear "we're working on it" and maybe a ballpark figure when it can be launched.

 

I agree with the comment that says, if a company is handling financial information, they should be required to offer 2FA.

Hey there folks,

 

Thank you for your posts and feedback.

 

We're always testing things by adding or removing features to make Spotify better overall. In the meantime we suggest that you head over to this idea. You can leave a +VOTE and Subscribe to the thread for any updates.

 

Cheers!

Jeremy Moderator

better hurry

breach.png

Same, I am sick of people accessing my account from all over the world...

 

At some point, someone's gonna have to smack down a class action lawsuit for willfully putting your users' online security at risk. There's not even a barebones security system, even login history is missing. You're handling payment details, email addresses, dates of birth, country/region..

 

How about this, if you can't be bothered to put up a 2FA system, at least enable users to lock their login to their country/region, so nobody OUTSIDE of that region can access it. That seems easy enough that EVEN SPOTIFY'S management can afford it.

You DON'T NEED TWO-FACTOR AUTHENTICATION FOR EVERY LOGIN! Just AT LEAST add it for any account changes like changing the account email and password.

I would like to see it for all logins though to keep people from just USING your account too. Really, how many times do you "LOGIN" I haven't done so in a very long time. Even if you did need to login often, you login on your phone and check the little box that says don't ask for 2FA on this device or on computer same thing.

I know the reason why there's no 2 factor auth...
https://www.youtube.com/watch?v=whQ8UBoz-To

I don't mean to shoot the messenger here, but just poking the dev team to "do something about it" isn't going to change much. I assume they've been poked hundreds of times. Actions speak louder than words.

"the security of your accounts remains our top priority"

If it was your top priority to begin with, you'd do more to protect our security.

You'd remove producers who have 300 followers but 50,000 plays on their one song. You'd contact account owners about logins from unknown locations.

You'd freeze accounts if they made 20 garbage playlists in a single hour and inform the owner that their account might have been compromised.

You'd be more careful about who you issue API keys to, because bots regain access to our accounts through registered apps. I'm sure not many people know to remove those apps after changing their password.

I'm not recommending Spotify to anyone I know and will actively tell people not to use it. Fix your dumpster fire. In the meantime I'll be sure to vote in the slim chance that the devs actually do anything about this.
