[All Platforms][Other] 2-Factor Authentication

Spotify should, as a matter of good practice and safety, implement 2-step authentication.

 

Previously, Spotify enabled the option to log out all sessions other than the current one.

 

This would prevent hackers from stealing accounts, which would additionally lead to fewer account hacks and less work for Spotify employees to assist in these cases.

 

More info: https://twofactorauth.org

Updated on 2018-10-18

Hi everyone, thanks for bringing us your feedback in the Spotify Idea Exchange. We’re ready to mark this idea as ‘Under Consideration’. 

 

We are currently investigating various solutions for account security for our users, e.g. 2-factor authentication. Any news regarding user-facing security updates will be posted to this thread as a status change.

 

If you'd like further information about protecting your account please visit our Support Site here.

Comments
Lekkersetje

Any changes so far?

SaschaG1

German astrophysicist Harald Lesch once said with a laugh: “That's a wonderful question. There's a simple answer. No.”

KiritoKuroFaita

Today my account got hacked. But not to hijack it, no. Just to listen to music, like what. It's still so weird there is no 2FA in 2025.

fluffyhoney

This idea is not unique, but sadly none of the other posts are getting any attention.

 

Please give us the option for real 2FA via an authentication app. Codes via email are simply not enough. Especially since you're just delegating the responsibility to provide security to the email providers. It's the responsibility of Spotify to give us this minimum of security. And I might add that Spotify is very late by still not having provided this. It has been standard practice on almost any other online platform for several years now.

 

I actually talked to the support, and found out that artists have this option, just not us "normal" users. They justified this with the security of the artists' financial data. It seems quite unreasonable seeing that there are many Premium customers that should be provided with a minimum of security.

FiloPod

Truth is that MFA is a standard and a must-have feature of any self-respecting app. The fact that Spotify does not have it is just mind-boggling.

oki25660-FR

🔐 The importance of 2-factor authentication (2FA) for protecting accounts

🎯 Why 2-factor authentication is essential
Many accounts get hacked because a password or an e-mail address leaks.
The problem? When a hacker changes the password or the e-mail address, the user often has no way to prove that it is really them... unless they have enabled 2FA.

👉 With 2-factor verification before any sensitive change (password, e-mail address), the majority of hacks would be avoided.

⚠️ Another big concern: confirmation e-mails
Today, some services (e.g. Spotify) send e-mails with a big green "confirm" button that inspires trust.
Problem: if the user did not initiate the request, they risk clicking it by mistake and validating the hack.

💡 Good practice:

Put a clear, visible warning in red: "If you did not request this change, DO NOT CLICK!"

Use a design that alerts (red, bold, danger icons) rather than a reassuring green button.

📝 Personal example
My Spotify account was hacked on 27/09/2025 through my compromised Google address.
I was able to recover it thanks to the phone number linked to that account. But if I had not had that number, I would never have been able to get it back.

👉 Hackers often use stolen authentication tokens or passwords, then change the e-mail address to lock the user out.

Conclusion

Enable 2-factor authentication everywhere it is possible.

Platforms must rethink the ergonomics of security e-mails so as not to mislead users.

📸 Screenshots of the recent hack:

https://www.noelshack.com/2025-39-6-1758968757-capture-d-cran-17.png
https://www.noelshack.com/2025-39-6-1758968757-capture-d-cran-13.png
https://www.noelshack.com/2025-39-6-1758968757-capture-d-cran-16.png
https://www.noelshack.com/2025-39-6-1758971061-capture-d-cran-20.png


👉 Open question: how could a user recover their account if their phone number was not linked, and the hacker had replaced their e-mail address with their own?

Sholva81

If you don't add it in the next few months I will move to another streaming service for music that has it

danshumaker

For login verification and/or security - 2FA apps are much more user friendly and just as secure as email code sending. Having to go to email to get a code, copy it from that window/app, then go back to the Spotify site/app is VERY cumbersome.

 

Conversely, if you use an app like 1Password and it has a browser extension, then submitting the user login and code is instantaneous and automatic.

 

Also, please NEVER EVER implement the image captcha verification methods because they are the absolute most annoying things in the world.

jesusjimsa

More than 10 years since this was opened and still no 2FA...

NeilGirdhar

2FA is a great idea. But please don't make it the old-style text message/email. Instead use the modern OATH OTP (TOTP).