Hopefully that isn't what they said. Xbox has 2FA, Sony, anything that runs your information for the most part has 2FA. Spotify is the only service I use without it and I refuse to give them my card numbers for Premium until I get 2FA. It baffles me people spent money on Premium when obviously people have access to the list of premium accounts since I know of a community through a friend where they use premium accounts to listen to ad free music.
We're always testing things by adding or removing features to make Spotify better overall. In the meantime we suggest that you head over to this idea. You can leave a +VOTE and Subscribe to the thread for any updates.
Help others find this answer and click "Accept as Solution".
If you appreciate my answer, maybe give me a Like.
At some point, someone's gonna have to smack down a class action lawsuit for willfully putting your users' online security at risk. There's not even a barebones security system, even login history is missing. You're handling payment details, email addresses, dates of birth, country/region..
How about this, if you can't be bothered to put up a 2FA system, at least enable users to lock their login to their country/region, so nobody OUTSIDE of that region can access it. That seems easy enough that EVEN SPOTIFY'S management can afford it.
You DON'T NEED TWO-FACTOR AUTHENTICATION FOR EVERY LOGIN! Just AT LEAST add it for any account changes like changing the account email and password.
I would like to see it for all logins though to keep people from just USING your account too. Really, how many times do you "LOGIN" I haven't done so in a very long time. Even if you did need to login often, you login on your phone and check the little box that says don't ask for 2FA on this device or on computer same thing.
I don't mean to shoot the messenger here, but just poking the dev team to "do something about it" isn't going to change much. I assume they've been poked hundreds of times. Actions speak louder than words.
"the security of your accounts remains our top priority"
If it was your top priority to begin with, you'd do more to protect our security.
You'd remove producers who have 300 followers but 50,000 plays on their one song. You'd contacts account owners about logins from unknown locations.
You'd freeze accounts if they made 20 garbage playlists in a single hour and inform the owner that their account might have been compromised.
You'd be more careful about who you issue API keys to, because bots regain access to our accounts through registered apps. I'm sure not many people know to remove those apps after changing their password.
I'm not recommending Spotify to anyone I know and will actively tell people not to use it. Fix your dumpster fire. In the meantime I'll be sure to vote in the slim chance that the devs actually do anything about this.