Help Wizard

Step 1


[All Platforms][Other] 2-Factor Authentication

Spotify should, as a matter of good practice and safety, implement 2-step authentication.


Previously, Spotify enabled the option to log out other sessions other than the current session.


This would prevent hackers from stealing accounts, which would additionaly lead to less account hacks and less work for Spotify employees to assist in these cases.


More info:

Updated on 2018-10-18

Hi everyone, thanks for bringing us your feedback in the Spotify Idea Exchange. We’re ready to mark this idea as ‘Under Consideration’. 


We are currently investigating various solutions for account security for our users, e.g. 2-factor authentication. Any news regarding user-facing security updates will be posted to this thread as a status change.


If you'd like further information about protecting your account please visit our Support Site here.


You guys just revisited this, but my account being hacked has me very much wanting this. 


Hi and sorry for butting in!

but I would seriously second that 2-way auth system! (Or as an additional though, get an automated email system saying to people that you don't recognise the devices of other devices other than the ones you usually login to.)

I've aparently been hacked without me noticing recently, indicating people for 2 months back had been adding themselves to family-sharing feature which now exists.

So instead of paying 99SKR I had to pay 149SKR two months straight!

And a little bit more angry respons:

thanks for NOT letting me know beforehand for the attempt! Dx


Alright, I am done with ranting xD


I hope this message will speed things up for 1 way or another to implement something! 😄


Awesome, really good security options being dropped... at least let us use another authentication services that are way more secure to create an account, without using passwords.


This are best practices used by all the big players.


Wow that's horrifically unprofessional in the year 2017.


Are you kidding me?
2-Factor autentication is not a priority?
I was hacked just this month, and this is what you have to say... This is a HUGE F*ck you to customers!


I think that Multi-Factor Authentication is very important and that you should reconsider your position when it comes to that.


I know I replied to this post half a year ago already, but since nothing has changed, let's do it again.


I saw the post where Spotify decided to not "move forward with 2FA at this time". If that doesn't scream incompetence, I don't know what does. 2FA is- most of the time- not the hardest thing to implement. And apart from new UI designs (which- are just getting worse), I don't see any reason for a "but we're busy with other stuff" excuse from the software engineer department.


And for something as trivial as music with payment data and personal info, that should not longer be an extra, but the default. Every big company has done it, and Spotify is not some "poor little startup"- if you are, then we have different problems- like losing our music when you go bankrupt, so I assume you aren't.


This is basically you saying that every one of your paying customers can sod off and you don't care about them, their data, their security or anything. They're a nice number until they get hacked, but even when Spotify gets hacked, you probably won't notice- only the customers will. So why bother?


Premium user here. I just fired up Spotify today to find it playing on some device called "munns ipod touch". I don't know anybody who even has an iPod touch (really, who does?), so I can only assume that either my account was hacked, or there's been some corruption of Spotify's account database. Either way, not pretty.


Of course I deleted the device and changed my password, but I can't help wondering why Spotify don't have a 2FA option that would eliminate this as a problem.


...because they don't care.


(but they should care)


I'm a premium user. I've had my account hacked before and was luckily able to change my password and stop the hacker in time before he/she made any changes to my account. But it shouldn't have happened in the first place! It's horrifying to see how easy it is for a hacker to access my account. I was lucky to be able to stop the hacker in time, but I've seen how easy it would be for a hacker to lock you out of your account once he/she manages to get in.


There are no security questions, no 2-step verifications (whether by email or phone), nothing to protect our security other than constantly changing our password. Well, guess what? Passwords can be leaked. There needs to be additional security to our account, especially for premium users.


Why are you not moving forward with the 2-step verification? It's a huge security issue for those of us who are paying for your services.