[All Platforms][Other] 2-Factor Authentication

Spotify should, as a matter of good practice and safety, implement 2-step authentication.

Previously, Spotify enabled the option to log out other sessions other than the current session.

This would prevent hackers from stealing accounts, which would additionally lead to fewer account hacks and less work for Spotify employees to assist in these cases.

More info: https://twofactorauth.org

Updated on 2018-10-18

Hi everyone, thanks for bringing us your feedback in the Spotify Idea Exchange. We’re ready to mark this idea as ‘Under Consideration’.

We are currently investigating various solutions for account security for our users, e.g. 2-factor authentication. Any news regarding user-facing security updates will be posted to this thread as a status change.

If you'd like further information about protecting your account please visit our Support Site here.

Comments

Exactly. It’s in extremely poor taste that in this day and age Spotify STILL hasn’t implemented basic security measures like this.

I’m of the opinion that at this point we should all just say **bleep** it and not renew premium until they get off their asses and implement MFA/2FA and if they don’t then we just switch to using a different service that actually gives a damn about protecting their users’ accounts and data.

In all honesty Spotify should 100% be subject to legal ramifications for their continued disregard for security and the requests from their users.

I personally won’t be renewing my premium now it’s expired and if by the end of the year they STILL haven’t implemented MFA/2FA I’ll move to a different service and delete my Spotify altogether.

SaschaG1

I decided to contact support directly again this week on this issue. And believe me, I often get right on the support's nerves about it. This time not via Twitter, but by mail. The following constellation has arisen, translated into English by DeepL.

Request to Spotify:

Hello Spotify Team,

I'm always trying to find out on the channels you guys offer like this, how it *finally* looks like with two-factor authentication.

It's about the following live idea: https://community.spotify.com/t5/Live-Ideas/Security-2-Factor-Authentication/idi-p/1017889

Once again, I ask you for a very honest answer to the question, is 2FA coming and if so, when? And if no, why not. I ask not to get a 0815 standard copy-and-paste answer. This kind of answer I and the meanwhile more than 7,800 upvoters have heard more than enough and are very tiring.

The ignorance that the Idea team addresses on the subject is beyond words by now.

Response from Spotify:

Hello [name],

Thank you for contacting us. We're glad to hear that the idea of two-factor authentication is of interest to you.

Other listeners seem to like this idea as well. We have made sure that your feedback will be forwarded to the appropriate team and your opinion will be taken into account in future updates. However, we can't tell you exactly when new changes will be made. However, we recommend that you always keep the Spotify app up to date.

If you need any further support, we'll be happy to help.

Best regards

My response:

Hello [supporter name],

and this is exactly the type of response I did not want to receive. This is unfortunately a copy-paste standard mail....

Response from Spotify:

Hello [name],

Thank you for your feedback.

Don't worry, as mentioned earlier, we have forwarded the information to the appropriate team. We are not allowed to share any further information. We ask for your understanding.

If you have any further questions, please let us know.

Best regards

As far as 2FA is concerned, I'm basically drawing my conclusions for good.

At this point it’s clear that Spotify is writing our concerns about security off and most likely won’t bother to implement 2FA.

What I’m gathering from the generic copy-paste responses from Spotify and the timeframe since we first asked for 2FA is that they WILL NOT implement 2FA unless we literally force them to do so in order to avoid legal ramifications for failing to appropriately secure user data.

We need to be spamming their app in the App Store/Play Store with 1-star reviews regarding this and even go so far I would say as to report them to our local authorities that handle making sure services properly secure user data for continuing to fail to do so.

This is appalling behaviour from Spotify and if we band together in this and kick up enough of a stink over it that it makes Spotify appear to be absolute **bleep** as a service we might just have a chance.

Shame on you Spotify.

azzabar2003-us

This is absolutely needed. Spotify accounts get hacked and stolen every day just like mine was. Spotify needs to offer a better way to make customer accounts more secure. Thank you.

Merchan92

I want Spotify to add a 2-step verification option to secure our accounts. Today someone hacked my account and even though they couldn't steal any personal or sensitive data (like my credit card info or such) I still had my playlists meddled with. Recovering my account was easy due to the Log out of every device option + a Password change, but still, this shouldn't happen and in 2023 I find it incredible for one, if not the most significant music streaming app not to have a 2-step verification option. Please implement this as soon as possible before something really bad happens to someone (or their account) due to the lack of this simple additional security measure every other service/app has nowadays.

Just emailed Spotify directly and will update on their response.

This is what I have sent:

“I’m emailing directly to voice my immense displeasure at the shoddy state of Spotify’s account security and continued failure to implement two factor authentication in order to sufficiently secure users’ accounts.
Myself and many other users have repeatedly suffered unauthorised access to our accounts and no amount of changing our passwords will effectively eliminate this problem.
Two factor authentication WILL address this security problem.
Users have been asking for this security feature since AT LEAST 2018 as evidenced in this community thread:

[Linked to this thread]

It’s now 2023 and you STILL haven’t implemented this basic security feature. It also appears that Spotify is blatantly disregarding and ignoring user concerns regarding the lack of two factor authentication and shoddy account security.
When we contact Spotify on this matter the only responses we are receiving are generic copy-paste empty assurances.
I like many other users am quickly becoming fed up with this dismissal by Spotify.
Spotify’s behaviour (or lack thereof) has made me and no doubt many other users lose faith in Spotify and the Spotify team and it’s becoming abundantly clear that if we want decent account security our only options are to leave Spotify and move to an alternative music service that actually listens to its users and appropriately secures accounts OR forcing Spotify to implement appropriate account security through legal action.
At this point I am strongly considering looking into reporting Spotify to my local relevant authorities for the continued and prolonged failure to implement appropriate account security measures.
You can only dismiss the concerns of your users for so long before we get sick and tired of your lack of communication, lack of action and generic excuses.
Do better.”

Here is the response I received which is a bit less copy-paste generic garbage than usual:

“Hi there,

Thanks for reaching out. We understand that you'd like to have a requested feature be implemented on Spotify. We'll shed some light with you regarding this.

We're sorry to hear you're unhappy. We’re always working on new ways to improve Spotify and really appreciate your feedback on this!

We hope you’ll continue to use the app and find it gets better in future.

While we can’t confirm if or when this is due to be released, it’s the sort of thing we talk with our product teams about. We'll make sure your voice is heard in those discussions.

As soon as we’ve got anything to announce, we’ll let everyone know via the Spotify Community.

If you have other questions or concerns, we're just an email away.

Until then,”

Honestly after their behaviour I don’t buy that they are actually considering it but hopefully if enough of us threaten legal action they’ll do something at least.

Minasi

7 years and none? This night someone invaded my account. So what? What can I do else, but only change my pass? Come on Spotify!!!

u6quco2kewer9lq8o0pl

Add more security options to the main Premium Family account in order to get a more secure and less annoying solution

These days I'm a victim of account hacking attempts.
I have to reset my password multiple times. As I use a very strong password, I think that I'm still safe, but having to reset such a strong password multiple times in a short period of time is really annoying.

Can we consider adding a security option in order to block any connection attempts from a foreign IP using an unknown device (every device should be already known from the targeted account)?
And I mean that it could be an (un)checkable option in the security configuration of the account in order to leave the ability to add a new account when travelling out of the country.

The goal is to avoid having to reset the password and reconnect every single device (smartphone, Google TV, computer app or browser) every time Spotify detects a hacking attempt. When using a very strong password it's a real pain in the ass.

Thank you for the great app and service!

The_Orange_Frog

Added 2FA to my WordPress site the other day. Took five minutes.

Yes, Spotify is a much larger company with much larger systems. Yes, it would take them longer than five minutes. But it shouldn't take them over five years.

Akélé

According to Have I Been Pwned my personal information has been leaked through YOUR system, the compromised data include: my e-mail address (hopefully it got no personal info in it since it's just secondary), my IP address (hopefully it's just a generated one thanks to a VPN), and MY PASSWORD.

Someone just had access to all my playlists, listening history,...

In the European Union, a company's client data is protected by the General Data Protection Regulation (RGPD in French).

As a result, a data breach exposes a company to heavy legal penalties (up to €20 million or 4% of annual turnover).

Mary mother of god, all this could have been avoided if you gave more §hit about your users' security.

Excuse my English, I'm a French speaker.