Spotify should, as a matter of good practice and safety, implement 2-step authentication.
Previously, Spotify enabled the option to log out other sessions other than the current session.
This would prevent hackers from stealing accounts, which would additionaly lead to less account hacks and less work for Spotify employees to assist in these cases.
More info: https://twofactorauth.org
Updated on 2017-08-29
Hey @ThomasVH we've revisited this idea with the teams behind logging into Spotify. We've decided not to move forward with two-factor authentication at this time.
If you're interested in security, we do have some tips to protect your Spotify account here. Of course if our status on this changes we will let you all know right here. Thanks!
The earliest request that I have found for Spotify to support 2FA actually predates this thread by years: 2013 (over 4 years ago). Spotify closed all older threads in favour of this younger one. Go figure.
Someone was using my spotify account (I still have no idea how, since I have 2 factor on facebook and I use facebook for logins).
I just canceled my subscription until this gets implemented on spotify, since the alternative (google music) has it.
2FA. Great idea. A must for securing any account web facing.
I couldn't agree more, I love Spotify but I'm shocked that they do not have a better system in place for protecting their customer's accounts. It seems like this issue has happened to A LOT of other people (including myself the other day).
I also noticed that this suggestion for 2-factor auth was originally posted in 2015 and NOTHING HAS BEEN DONE? That's ridiculous!!! If Spotify doesn't make security changes to protect their customers ASAP then I'll defininitely be switching to a different service.
How can you read these pages and not immediately be convinced? Holy **bleep** Spotify... How about instead of redesigning your UI for the 7th time just spend 5 days on implementing this. It's completely open source **bleep**, it's barely any effort and equivent in security to not having passwords on accounts
Staggering. I'll be cancelling my subscription.
I won't pay Spotify for insecure login.
Considering your steps to recover your account if it's been hacked is toensure you have 2FA enabled in your email and Facebook, it's a bit rich foryou to say you won't implement it yourself. It might be hard for you to dobut it doesn't mean it's not the correct thing to do. It tells us that youdon't value our security so long as those subscriptions keep rolling in.This is genuinely the type of issue that would see me look elsewhere for asteaming service.
@Meredith this decision really does disgust me. I've said it before and I will say it again - 2FA is an essential part of account security; passwords just aren't secure anymore. I don't understand why Spotify has such a big issue implementing 2FA when the technology to do so is completely open-source, well supported and widely available. It just shows a complete disregard for the security of your customers and, as a Computer Science student it sickens me to have to just sit back and watch as you continue to make minor, insignificant adjustments to your service before implementing security features that are now considered an industry standard.
Please, sort out your priorities and protect the security of your users.
The first line of the guide Protect your Spotify account goes "At Spotify, we care deeply about the safety of your personal data." What an absolute joke, when you will not implement basic security meassures such as 2FA.