Recently, my account email was accessed and changed by an unknown party. I get it, could have been my fault (password phishing, breaking, etc.). But, I think it could have been prevented with another factor of authentication.
I only noticed the change because I check my email quite frequently. I'm afraid that if I hadn't caught the change quickly, then I would have lost all authority on my account.
The email that replaced MY email was very obviously a throwaway email (unpopular/unknown host site, as well as a obvious random identifying name). I think that there an be some location (IP) based authentication system that checks if you have ever logged on Spotify at that IP or in that geographical location before.
ALSO, you could also have some cross reference database with known host sites or some algorithm that predicts the likeliness of an email account being real (data on the account, date created, etc.). Not sure how plausible this solution is, but it seems that there would be an easier way to identify these fraudulent changes.
Updated on 2020-01-10
It's better to post each suggestion in it's separate thread. That way, users can vote on each one of your ideas.
In the meantime, a similar idea has been suggested here:
If possible, please vote for it, and add a comment there, so it may be considered. Any update on the matter should be posted there.
For more info on how the Ideas Board works, click here. 🙂