Help Wizard

Step 1



Please see below the most popular frequently asked questions.

Loading article...

Loading faqs...


Ongoing Issues

Please see below the current ongoing issues which are under investigation.

Loading issue...

Loading ongoing issues...


[All Platforms][Other] 2-Factor Authentication

Spotify should, as a matter of good practice and safety, implement 2-step authentication.


Previously, Spotify enabled the option to log out other sessions other than the current session.


This would prevent hackers from stealing accounts, which would additionaly lead to less account hacks and less work for Spotify employees to assist in these cases.


More info:

Updated on 2018-10-18

Hi everyone, thanks for bringing us your feedback in the Spotify Idea Exchange. We’re ready to mark this idea as ‘Under Consideration’. 


We are currently investigating various solutions for account security for our users, e.g. 2-factor authentication. Any news regarding user-facing security updates will be posted to this thread as a status change.


If you'd like further information about protecting your account please visit our Support Site here.




I totally agree.

Multi-factor authentication adds an additional layer of security to the login process by requiring users to provide two or more forms of identification, such as a password and a fingerprint or a password and a one-time code sent to a phone. This makes it much more difficult for hackers to gain unauthorized access to user accounts, as they would need to have access to multiple forms of identification.

A company with hundreds of millions of users that does not use multi-factor authentication is at a higher risk of security breaches, as hackers may be able to gain access to a large number of user accounts with just a single set of login credentials. This not only puts the company's reputation at risk, but also the personal information and data of its users. Additionally, the company could also be liable for any financial losses or damages suffered by users as a result of the security breach.


There are several laws and regulations that may require companies to use multi-factor authentication, depending on the industry and location.


In the United States, the Payment Card Industry Data Security Standard (PCI DSS) requires multi-factor authentication for remote access to cardholder data by employees, as well as for certain types of transactions, such as those made with a card that is not present.

In the healthcare industry, the Health Insurance Portability and Accountability Act (HIPAA) requires that covered entities and their business associates implement technical safeguards to protect the confidentiality, integrity, and availability of electronic protected health information (ePHI). This may include multi-factor authentication for remote access to ePHI.


In the European Union, the General Data Protection Regulation (GDPR) requires companies to implement appropriate technical and organizational measures to protect personal data, including using multi-factor authentication where appropriate.


Additionally, there are other laws and regulations, such as the New York State Department of Financial Services (NYDFS) Cybersecurity Regulation, that requires multi-factor authentication for certain types of transactions, such as those involving banking and financial services.


Spotify, as a streaming service provider, may not be subject to the same laws and regulations as a company in the financial or healthcare industry. However, it still collects and stores personal information of its users, such as their name, email address, and listening history. Therefore, it's important for Spotify to implement appropriate security measures to protect this personal information, including multi-factor authentication, to protect the integrity and confidentiality of their user's data.


Spotify also accepts payment for its premium services, so they could be considered a company who handle payment information and they would be subject to the Payment Card Industry Data Security Standard (PCI DSS) which requires multi-factor authentication for remote access to cardholder data by employees, as well as for certain types of transactions, such as those made with a card that is not present.


While Spotify may not be subject to the same specific laws and regulations as a company in a heavily regulated industry, it is still responsible for protecting the personal information of its users and should consider implementing multi-factor authentication as a best practice for ensuring the security of user accounts.


Ignoring customer demand for a security feature such as multi-factor authentication for an extended period of time could be seen as a lack of concern for the security and privacy of their users. This could be considered bad conduct of service, as it suggests that the company is not taking the necessary steps to protect its users' personal information.


It's important for companies to stay up-to-date with industry best practices for security, and to respond to customer demand for features that can help protect their personal information. In this case, if Spotify has ignored customer demand for multi-factor authentication for an extended period of time, it could be perceived as a disregard for the security and privacy of their users.


Regardless, if Spotify has ignored customer demand for multi-factor authentication for over 8 years, it is highly recommended that they consider implementing this feature as soon as possible to ensure the security and privacy of their users.


Customers who are concerned about the lack of multi-factor authentication on Spotify's platform may have several legal options available to them. However, it is important to note that the specific legal options available will depend on the laws and regulations in the jurisdiction in which the customer resides, as well as the specific circumstances surrounding the case.


It's also worth mentioning that customers can  express their dissatisfaction and demand for this feature through social media, customer support and other communication channels, to put pressure on the company to implement this feature. But since this has been done now for 8 years maybe some would consider the following:


One option available to customers is to file a complaint with the relevant regulatory body or government agency. For example, in the United States, customers may file a complaint with the Federal Trade Commission (FTC) if they believe that Spotify has engaged in unfair or deceptive business practices.


Another option is to take legal action against Spotify. Customers may be able to file a lawsuit against the company for a failure to provide reasonable security measures to protect their personal information. This would require proving that Spotify had a duty to protect their personal information, that Spotify failed to fulfill that duty, and that this failure caused the customer to suffer some sort of harm.


Additionally, customers can also consider taking collective legal action with a class action lawsuit. This is when a large number of people sue a company together, and can be a more efficient way to pursue legal action.


It's important to consult with legal professionals to understand the specific legal options available in your jurisdiction and circumstances.



This reasonable feature request is now eight years old!

I look forward to MFA being implemented sometime before Spotify reaches the age of majority.
Or before it goes the way of Myspace, whichever happens first.


This request is literally eight years old. How is Spotify still not able to give us this? Why should anyone continue to pay for such a cheap app that can't implement even the most basic features?


For myself I’ll give Spotify 7 months. No MFA, the I cut the service and go with the Fruity Co. I’m time for the holidays. At the very least they care about security. The only thing I’ll miss is the crossfade feature 😞

Exactly. It’s in extremely poor taste that in this day and age Spotify STILL hasn’t implemented basic security measures like this.

I’m of the opinion that at this point we should all just say **bleep** it and not renew premium until they get off their asses and implement MFA/2FA and if they don’t then we just switch to using a different service that actually gives a damn about protecting their user’s accounts and data.

in all honesty Spotify should 100% be subject to legal ramifications for their continued disregard for security and the requests from their users.

I personally won’t be renewing my premium now it’s expired and if by the end of the year they STILL haven’t implemented MFA/2FA I’ll move to a different service and delete my Spotify all together.


I decided to contact support directly again this week on this issue. And believe me, I often get right on the support's nerves about it. This time not via Twitter, but by mail. The following constellation has arisen, translated into English by deepl.

Request to Sportify:


Hello Spotify Team,

I'm always trying to find out on the channels you guys offer like this, how it *finally* looks like with two-factor authentication.

It's about the following live idea:

Once again, I ask you for a very honest answer to the question, is 2FA coming and if so, when? And if no, why not. I ask not to get a 0815 standard copy-and-paste answer. This kind of answer I and the meanwhile more than 7,800 upvoters have heard more than enough and are very tiring.

The ignorance that the Idea team addresses on the subject is beyond words by now.


Response from Spotify:

Hello [name],

Thank you for contacting us. We're glad to hear that the idea of two-factor authentication is of interest to you.

Other listeners seem to like this idea as well. We have made sure that your feedback will be forwarded to the appropriate team and your opinion will be taken into account in future updates. However, we can't tell you exactly when new changes will be made. However, we recommend that you always keep the Spotify app up to date.

If you need any further support, we'll be happy to help.

Best regards


My response:

Hello [supporter name],

and this is exactly the type of response I did not want to receive. This is unfortunately a copy-paste standard mail....


Response from Spotify:

Hello [name],

Thank you for your feedback.

Don't worry, as mentioned earlier, we have forwarded the information to the appropriate team. We are not allowed to share any further information. We ask for your understanding.

If you have any further questions, please let us know.

Best regards


As far as 2FA is concerned, I'm basically drawing my conclusions for good.

At this point it’s clear that Spotify is writing our concerns about security off and most likely won’t bother to implement 2FA.

What I’m gathering from the generic copy-paste responses from Spotify and the timeframe since we first asked for 2FA is that they WILL NOT implement 2FA unless we literally force them to do so in order to avoid legal ramifications for failing to appropriately secure user data.

we need to be spamming their app in the App Store/play store with 1 star review regarding this and even go so far I would say as to report them to our local authorities that handle making sure services properly secure user data for continuing to fail to do so.

This is appalling behaviour from Spotify and if we band together in this and kick up enough of a stink over it that it makes Spotify appear to be absolute**bleep** as a service we might just have a chance.

shame on you Spotify.


This is absolutely needed. Spotify accounts get hacked and stolen every day just like mine was. Spotify needs to offer a better way to make customer accounts more secure. Thank you.


I want Spotify to add a 2-step verification option to secure our accounts. Today someone hacked my account and even though they couldn't steal any personal or sensitive data (like my credit card info or such) I still had my playlists meddled with. Recovering my account was easy due to the Log out of every device option +  a Password change, but still, this shouldn't happen and in 2023 I find it incredible for one, if not the most significant music streaming app not to have a 2-step verification option. Please implement this as soon as possible before something really bad happens to someone (or their account) due to the lack of this simple additional security measure every other service/app has nowadays.

Just emailed Spotify directly and will update on their response.

this is what I have sent:

“I’m emailing directly to voice my immense displeasure at the shoddy state of Spotify’s account security and continued failure to implement two factor authentication in order to sufficiently secure users accounts.
Myself and many other users have repeatedly suffered unauthorised access to our accounts and no amount of changing our passwords will effectively eliminate this problem.
Two factor authentication WILL address this security problem.
Users have been asking for this security feature since AT LEAST 2018 as evidenced in this community thread:
 [Linked to this thread]

It’s now 2023 and you STILL haven’t implemented this basic security feature. It also appears that Spotify is blatantly disregarding and ignoring user concerns regarding the lack of two factor authentication and shoddy account security.
When we contact Spotify on this matter the only responses we are recieving is generic copy-paste empty assurances.
I like many other users am quickly becoming fed up with this dismissal by Spotify.
Spotify’s behaviour (or lack thereof) has made me and no doubt many other users lose faith in Spotify and the Spotify team and it’s becoming abundantly clear that if we want decent account security our only options are to leave Spotify and move to an alternative music service that actually listens to its users and appropriately secures accounts OR forcing Spotify to implement appropriate account security through legal action.
At this point I am strongly considering looking into reporting Spotify to my local relevant authorities for the continued and prolonged failure to implement appropriate account security measures.
You can only dismiss the concerns of your users for so long before we get sick and tired of your lack of communication, lack of action and generic excuses.
Do better.”
here is the response I received which is a bit less copy-paste generic garbage than usual:
“Hi there,

Thanks for reaching out. We understand that you'd like to have a requested feature be implemented on Spotify. We'll shed some light with you regarding this.

We're sorry to hear you're unhappy. We’re always working on new ways to improve Spotify and really appreciate your feedback on this!

We hope you’ll continue to use the app and find it gets better in future.

While we can’t confirm if or when this is due to be released, it’s the sort of thing we talk with our product teams about. We'll make sure your voice is heard in those discussions.

As soon as we’ve got anything to announce, we’ll let everyone know via the Spotify Community.

If you have other questions or concerns, we're just an email away.

Until then,”
Honestly after their behaviour I don’t buy that they are actually considering it but hopefully if enough of us threaten legal action they’ll do something at least.