Why is 2FA still not a thing in 2020?!

Reply

Why is 2FA still not a thing in 2020?!

Franic
Visitor

So I had to change my unique password for Spotify the fourth time since I decided to buy the premium and I'm really annoyed with the way hacked accounts/paying customers are treated with the lack of safty of their accounts which people put their credit card information into.

My big question is: Why in the blue heavens is 2FA for Spotify still not a thing in 2020?!

I know that I'm not the only one wondering why it isn't implemented by now.
Like I said I had to change it the fourth time now. Every password I had for Spotify I created for just Spotify alone and I keep getting those Low-Fi songs in my Recently played listed.
But why? I'm a Rap & Hip Hop listener!
Why would I listen to that if it's not for me. I don't know the bands/producers, I'm not into that genre of music and I don't want it anything to do with it.

I know for a fact that I don't got on those songs by accident or whatever reason you could pull out. I ALWAYS listen to the songs I favorited, so it would be impossible to get to that music in the first place.

So what does that mean? Well I have to assume someone got into my account right? I've checked that no other devices are connected aside from my PC and phone and forcefully disconnected any devices multiple times, but it keeps showing me those songs after a while, then I change my password, it stays away and then it those songs show up again.

I'm absolutely annoyed that there is nothing I can do to secure my premium account, which I pay for, other then changing my password.
Since when is it the job of the customer to make sure their accounts are safe and do the nessesary precautions to somehow fight an invisible bad guy which maybe got your information already and you can't do nothing else then change your password again?
It isn't and especially it shouldn't.
There is 2FA for everything right now and for a good reason. You guys would be a lot less "busy" with hacked accounts if you implemented a secure system for 2FA. But why bother right?

I'm fully aware that this might be fully ignored or some dumb "automatic-reply-bot" answer getting posted. Trust me I saw the post on here from 2015 where the people from Spotify replied in 2017.

If I get a responds back I hope it's a solid one because if I see that it basically contains the meaning that 2FA can't be implemented right now then I'm **bleep** and cancel my premium that day or even sooner, depending on how long a reply is gonna take.

Not gonna lie, I like Spotify but the lack of security and reading about countless people getting their account hacked or credit card information messed with is not gonna keep me here until 2021 if this keeps getting ignored.
Account safety should be one big priority for a subscription service, especially with all the hackers around the world attacking governments, news stations, websites and whatever else. Do we really need another Playstation Network hacker attack to prove that this is no laughing matter in 2020?

So my final words here before a TL:DR is gonna be:
Please get your head in the game and catch up with your account security flaws because there are enough accounts hacked already.

Edit before posting: putting 2FA in the labels is not available here? Are you kidding?! (Screenshot attached)


TL:DR - 2FA still not implemented, getting random songs in Recently played list, 2FA being everywhere except here, and nothing you can do about people in your account, which you pay for and have no security over, other then changing your password. Also being aware that this might be ignored and that I don't want to see a reply saying 2FA can't be implemented right now.

New Message - The Spotify Community.png
20 Replies

GoatyGuy
Newbie

I know the reason why there's no 2 factor auth...
https://www.youtube.com/watch?v=whQ8UBoz-To

kennethv21
Visitor

Same, I am seek of people accessing my account from all over the world...

 

k09ndju7qd5wmad
Visitor
I absolutely agree. The fact that this post hasn't gotten any more attention or at least a comment from an actual Spotify employee is saying quite a lot. Especially because it was written with great care and detail. Someone actually spent the time giving you feedback Spotify. Please Acknowledge that.

Mihail
Moderator
Moderator

Hey everyone,

Thanks for sharing you're feedback and concerns.

We want to reassure you that we've passed them on to the right folks and that the security of your accounts remains our top priority. The development team is constantly looking into new ways to increase the protection of our users and two-factor authentication is one of the mechanisms under consideration.

We recommend that you head over to the idea that requests the introduction of this features and +VOTE for it. We'll inform on any developments there, as soon as there are any. So make sure to subscribe, if you haven't already. 

 

In the meantime it's a good idea to check up on our tips on how to secure you're account in this Support article.

Hope you find this useful. Keep us posted if you have any questions.

 

Have a nice day!

MihailModerator
Help others find this answer and click "Accept as Solution".
If you appreciate my answer, maybe give me a Like.
 
“Music is a language that doesn’t speak in particular words. It speaks in emotions, and if it’s in the bones, it’s in the bones.” - Keith Richards

Eversome
Newbie
I don't mean to shoot the messenger here, but just poking the dev team to "do something about it" isn't going to change much. I assume they've been poked hundreds of times. Actions speak louder than words.

"the security of your accounts remains our top priority"

If it was your top priority to begin with, you'd do more to protect our security.

You'd remove producers who have 300 followers but 50,000 plays on their one song. You'd contacts account owners about logins from unknown locations.

You'd freeze accounts if they made 20 garbage playlists in a single hour and inform the owner that their account might have been compromised.

You'd be more careful about who you issue API keys to, because bots regain access to our accounts through registered apps. I'm sure not many people know to remove those apps after changing their password.

I'm not recommending Spotify to anyone I know and will actively tell people not to use it. Fix your dumpster fire. In the meantime I'll be sure to vote in the slim chance that the devs actually do anything about this.

Ivan
Moderator
Moderator

Hey everyone, 

 

Thank you for all the feedback you’ve given us so far.

 

We want to let you know that we take both account security and the artificial manipulation of streaming activity on our service extremely seriously. We also would like to highlight some of the actions that @Eversome pointed out should be taken if that is indeed the case.

 

Spotify employs multiple detection measures to monitor consumption on the service in order to investigate such activity and we continue to refine those processes. Part of this are email notifications we send to users every time a new login has been detected, as described by @Eversome. Just recently we also ran a test that would prevent usage if an email wasn't verified as part of our continuous efforts to improve security.

 

As with any measure that could lead to legitimate account holders losing access to a service, we need to do our due diligence with rigorous testing to ensure there are as little friction or inconvenience as possible. For the time being, besides the mentioned notifications, we have built and provided tools in place that can help you quickly resolve an issue by yourself. Our support team will of course also be happy to assist you in regaining full control over your account. We also strive to provide information on how to protect your Spotify account. In both instances we try and raise awareness of the third party apps that @Eversome also mentions.

 

Regarding unauthorized streams, there are actually consequences of those and we utilize both technical and manual measures to monitor activity and action is taken, again just as @Eversome correctly states should be done. If you ever come across any suspicious activity on Spotify, reach out to our support team and make sure to report it so it can be investigated.

 

We realize this thread is gone a bit off topic with lots of questions in one place and some speculation of what is and is not done being mixed with it all. It’s for this reason we’re going to lock the thread. Since the best way for us to gather your feedback is via the Idea Exchange with one thread for each topic we suggest having a look at this idea. Check out this article for more info on how ideas work.  

 

Thanks! 

IvanModerator
Help others find this answer and click "Accept as Solution".
If you appreciate my answer, maybe give me a Like.
“Music is the wine that fills the cup of silence.” - Robert Fripp

lylesback
Visitor

As someone who has seen randomly liked songs on their Spotify account, I desperately want 2FA.

 

I check occasionally to see if Spotify has finally added this, and still see it's under consideration for years... YEARS!

 

I think we would all want to hear "were working on it" and maybe a ballpark figure when it can be launched.

 

I agree with the comment that says, if a company is handling financial information, they should be required to offer 2FA.

Jeremy
Moderator
Moderator

Hey there folks,

 

Thank you for your posts and feedback.

 

We're always testing things by adding or removing features to make Spotify better overall. In the meantime we suggest that you head over to this idea. You can leave a +VOTE and Subscribe to the thread for any updates.

 

Cheers!

JeremyModerator
Help others find this answer and click "Accept as Solution".
If you appreciate my answer, maybe give me a Like.
Live, love, laugh and listen to music 🙂

yaedo
Visitor

better hurry

breach.png

genuineferetta
Newbie

At some point, someone's gonna have to smack down a class action lawsuit for willfully putting your users' online security at risk. There's not even a barebones security system, even login history is missing. You're handling payment details, email addresses, dates of birth, country/region..

 

How about this, if you can't be bothered to put up a 2FA system, at least enable users to lock their login to their country/region, so nobody OUTSIDE of that region can access it. That seems easy enough that EVEN SPOTIFY'S management can afford it.

dvmierlo
Regular

"We want to reassure you that we've passed them on to the right folks and that the security of your accounts remains our top priority."

 

But it is still under consideration.
Where is this "top priority" you speak of?

Paleran
Newbie

After this issue has been opened for 2 years now, I don't have high hopes that this will actually be addressed.

 

Please pass on that the lack of this feature is keeping customers like me from subscribing to your service. And I imagine there are many more like me.

PleaseEnable2FA
Casual Listener

Totally agree. Every basic app has 2FA these days. You're the global music streaming market leader, whats the hold-up Spotify? Whats the motive for not enabling it so far? Better Spotify usage stats? I have been using Spotify for years and love it, but will move to a different service if my account gets logged into by a stranger again.

 

Please enable 2FA to increase security ASAP. A overview of 'trusted/known' devices would also be a great addition imo. Thanks.

Gusttox
Casual Listener

Exactly! Why don't Spotify have 2FA? I've people going into my account to play their own music so they can earn money from it and it's ridiculous. Absolutely ridiculous. Spotify better get their heads up, else I'll move to Apple Music.

Jok0
Casual Listener

I've had to change my password twice in the last two months because there has been logins from Brazil. I'm from the UK. I've been a member for almost 10years now and this is making me want to look into other platforms. Please compliment 2FA

user-removed
Not applicable

I've seen a number of arguments about it being too much work to deal with 2FA on every log in. I can only guess that that is why 2FA is still "Under Consideration" after 5 years, but that argument is completely nullified if Spotify just makes the extra account security optional (e.g. Discord, Steam, Epic Games Store)

jefferyshall
Casual Listener

You DON'T NEED TWO-FACTOR AUTHENTICATION FOR EVERY LOGIN! Just AT LEAST add it for any account changes like changing the account email and password.

I would like to see it for all logins though to keep people from just USING your account too. Really, how many times do you "LOGIN" I haven't done so in a very long time. Even if you did need to login often, you login on your phone and check the little box that says don't ask for 2FA on this device or on computer same thing.

引きこもり
Roadie

Spotify says it's under consideration.

 

For how long? Who knows. 🤣

minimarty
Newbie
Spoiler
One of the largest online streaming music companies on the planet, still not providing the bare minimum of security. Unbelievable and lazy. If their excuse is that it is too complex to enable as Spotify runs on so many platforms, then they should at least provide it as an option. It should be a pre-requisite that if a company holds your financial information they should have to provide 2FA. 

Skats6
Newbie
Hopefully that isn't what they said. Xbox has 2FA, Sony, anything that runs your information for the most part has 2FA. Spotify is the only service I use without it and I refuse to give them my card numbers for Premium until I get 2FA. It baffles me people spent money on Premium when obviously people have access to the list of premium accounts since I know of a community through a friend where they use premium accounts to listen to ad free music.
SUGGESTED POSTS