[All Platforms][Other] 2-Factor Authentication

Spotify should, as a matter of good practice and safety, implement 2-step authentication.

 

Previously, Spotify enabled the option to log out other sessions other than the current session.

 

This would prevent hackers from stealing accounts, which would additionally lead to less account hacks and less work for Spotify employees to assist in these cases.

 

More info: https://twofactorauth.org

Updated on 2018-10-18

Hi everyone, thanks for bringing us your feedback in the Spotify Idea Exchange. We’re ready to mark this idea as ‘Under Consideration’. 

 

We are currently investigating various solutions for account security for our users, e.g. 2-factor authentication. Any news regarding user-facing security updates will be posted to this thread as a status change.

 

If you'd like further information about protecting your account please visit our Support Site here.

Comments
meahtenoha
Status changed to: Not Right Now

Updated on 2017-08-29

Hey @ThomasVH we've revisited this idea with the teams behind logging into Spotify. We've decided not to move forward with two-factor authentication at this time. 

If you're interested in security, we do have some tips to protect your Spotify account here. Of course if our status on this changes we will let you all know right here. Thanks!

GJX

How can you read these pages and not immediately be convinced? Holy **bleep** Spotify... How about instead of redesigning your UI for the 7th time just spend 5 days on implementing this. It's completely open source **bleep**, it's barely any effort and equivalent in security to not having passwords on accounts

bhogben

Staggering. I'll be cancelling my subscription.

 

I won't pay Spotify for insecure login.

hamstervision

Considering your steps to recover your account if it's been hacked is to ensure you have 2FA enabled in your email and Facebook, it's a bit rich for you to say you won't implement it yourself. It might be hard for you to do but it doesn't mean it's not the correct thing to do. It tells us that you don't value our security so long as those subscriptions keep rolling in. This is genuinely the type of issue that would see me look elsewhere for a streaming service.

traynoronline

@meahtenoha this decision really does disgust me. I've said it before and I will say it again - 2FA is an essential part of account security; passwords just aren't secure anymore. I don't understand why Spotify has such a big issue implementing 2FA when the technology to do so is completely open-source, well supported and widely available. It just shows a complete disregard for the security of your customers and, as a Computer Science student it sickens me to have to just sit back and watch as you continue to make minor, insignificant adjustments to your service before implementing security features that are now considered an industry standard.

 

Please, sort out your priorities and protect the security of your users.

Guut_Boy

The first line of the guide Protect your Spotify account goes "At Spotify, we care deeply about the safety of your personal data." What an absolute joke, when you will not implement basic security measures such as 2FA.

traynoronline

Given the recent update by Spotify, I would urge everyone to go and sign my petition at the link below. It's now more important than ever that we get as many signatures as possible to show Spotify how important 2FA is to their users.

 

https://www.change.org/p/spotify-implement-2-factor-authentication

 

Please share this link with your friends, family, colleagues, etc - clearly we need to send a message to Spotify to be heard, so this is what we will do.

Guut_Boy

@traynoronline I don't really see the point in a petition. People can support this course by simply voting and commenting in this thread. It is a much more direct and focused channel of communication with Spotify than some external petition site.

traynoronline

@Guut_Boy my thinking behind an external petition is that not everyone likes to be active on a forum - it's much easier to spread the word and gain support via a link to a petition because more people will be willing to sign it. While forums are great for gaining support, they're not made for everyone. The fact that this thread only has 568 votes at the time of writing is just proof of that; there's no way only 568 Spotify users care about 2FA - they just don't want/don't know how to access and be an active member on the forum.

msephton

...but the petition only has 11 signatures? 

 

My vote is for raising awareness that Spotify are reluctant to implement 2FA despite regular account compromises. To that end, I've just contacted some journalists.

 

This is a truly appalling decision by Spotify.