Spotify Community

Some press: Spotify Won’t Enable Two-Factor Authentication

Let's keep it coming!

Instagram hacked in a big way (6 million accounts)

http://gizmodo.com/instagram-done-got-hacked-1798732634

How long until we see such a serious Spotify hack? 

According to Instagram's blog, No passwords or other Instagram activity was revealed. (Apparently the random number string in the post's URL "is not permitted in this community"???)

I don't think 2FA would have helped in a situation such as this. 2FA only helps when passwords are leaked or brute-forced.

Having just received an email that my spotify email address was changed, unbeknownst to me, I would really appreciate a 2 factor authentiation option.  I have enabled it with all of my logins on sites that support it.  Please reconsider this sort of security feature. 

I know this is going to cause more work, but it is more difficult to get into accounts that use 2-factor authentication, you wouldn't have to be so particular with your privacy statement that is sent after someone got hacked if it was more difficult to get into and take control of someones account. You may want to rethink this. Any company not using 2 factor is not going to last, Google, Amazon they all have added it because of people getting hacked. I think your lack of response to something that has been requested for a few years tells us how much you care about your Customers and in turn the company.

This is absolutely ridiculous how Spotify will not support two-factor authentication. It is not only standard but also become a necessity for any Internet service. I shouldn't have to continuously manage my own security by signing out of all sessions and changing my password whenever I find someone randomly listening on my account. If this is not going to be implemented then I will have to switch streaming music providers to another company that takes their user's security seriously.

In an age with fingerprint technology and mandatory 2fa on any site worth a darn, Spotify sit in their armchair made in switzerland some time in the 1920s.

"Ho-ho, Geoffrey, can you believe that people get their spotify accounts hacked?",

"Are you kidding? In today's age where hackers run spam bots and force crack accounts? Impossible, my password is 20 characters long - it'll take 1 machine 10 years!"

"Oh, but they can run thousands of these bots, can't they?"

"Don't be preposterous - you think they have the time to run multiple iterations of the same password cracker on millions of users? I simply don't believe you. Tell the plebians that they just need to put a bunch of exlamation marks - they'll be fine".

You guys just revisited this, but my account being hacked has me very much wanting this. 

Hi and sorry for butting in!

but I would seriously second that 2-way auth system! (Or as an additional though, get an automated email system saying to people that you don't recognise the devices of other devices other than the ones you usually login to.)

I've aparently been hacked without me noticing recently, indicating people for 2 months back had been adding themselves to family-sharing feature which now exists.

So instead of paying 99SKR I had to pay 149SKR two months straight!

And a little bit more angry respons:

thanks for NOT letting me know beforehand for the attempt! Dx

Alright, I am done with ranting xD

I hope this message will speed things up for 1 way or another to implement something! 😄

Awesome, really good security options being dropped... at least let us use another authentication services that are way more secure to create an account, without using passwords.

This are best practices used by all the big players.