[All Platforms][Other] 2-Factor Authentication

Spotify should, as a matter of good practice and safety, implement 2-step authentication.


Previously, Spotify enabled the option to log out other sessions other than the current session.


This would prevent hackers from stealing accounts, which would additionally lead to fewer account hacks and less work for Spotify employees to assist in these cases.


More info:

Updated on 2018-10-18

Hi everyone, thanks for bringing us your feedback in the Spotify Idea Exchange. We’re ready to mark this idea as ‘Under Consideration’. 


We are currently investigating various solutions for account security for our users, e.g. 2-factor authentication. Any news regarding user-facing security updates will be posted to this thread as a status change.


If you'd like further information about protecting your account please visit our Support Site here.


I think that Multi-Factor Authentication is very important and that you should reconsider your position when it comes to that.


I know I replied to this post half a year ago already, but since nothing has changed, let's do it again.


I saw the post where Spotify decided to not "move forward with 2FA at this time". If that doesn't scream incompetence, I don't know what does. 2FA is- most of the time- not the hardest thing to implement. And apart from new UI designs (which- are just getting worse), I don't see any reason for a "but we're busy with other stuff" excuse from the software engineer department.


And for something as trivial as music with payment data and personal info, that should no longer be an extra, but the default. Every big company has done it, and Spotify is not some "poor little startup"- if you are, then we have different problems- like losing our music when you go bankrupt, so I assume you aren't.


This is basically you saying that every one of your paying customers can sod off and you don't care about them, their data, their security or anything. They're a nice number until they get hacked, but even when Spotify gets hacked, you probably won't notice- only the customers will. So why bother?


Premium user here. I just fired up Spotify today to find it playing on some device called "munns ipod touch". I don't know anybody who even has an iPod touch (really, who does?), so I can only assume that either my account was hacked, or there's been some corruption of Spotify's account database. Either way, not pretty.


Of course I deleted the device and changed my password, but I can't help wondering why Spotify don't have a 2FA option that would eliminate this as a problem.


...because they don't care.


(but they should care)


I'm a premium user. I've had my account hacked before and was luckily able to change my password and stop the hacker in time before he/she made any changes to my account. But it shouldn't have happened in the first place! It's horrifying to see how easy it is for a hacker to access my account. I was lucky to be able to stop the hacker in time, but I've seen how easy it would be for a hacker to lock you out of your account once he/she manages to get in.


There are no security questions, no 2-step verifications (whether by email or phone), nothing to protect our security other than constantly changing our password. Well, guess what? Passwords can be leaked. There needs to be additional security to our account, especially for premium users.


Why are you not moving forward with the 2-step verification? It's a huge security issue for those of us who are paying for your services.


Is this still not implemented? I've really no good words to explain how stupid this is.


Not enabling us to do so is a BIG mistake by you. I hope you change your minds, and realize that you're going to HAVE to enable this for us.


Most places/sites have 2-factor authentication, why not Spotify?? Do you guys not want the best protection possible for users' accounts??


It's shocking that Spotify doesn't back 2FA.


Why would they decide not to implement 2FA? The only reason I can think of is the cost of development, which shouldn't be the reason why the implementation should be held back.


Hey, I am quite sad to read that Spotify decided not to move forward with this idea, for now. While I perfectly understand the hassle and the possible user confusion about them, there are relatively seamless 2FA methods to authenticate users, such as U2F tokens and Duo Push. Also Spotify already deploys mobile apps, so there could also be a confirmation alert window popping up when there is an authentication attempt on the web interface. While I appreciate the security advice to harden one's account, password-only is really obsolete, as of 2017, and several security agencies push toward more secure authentication schemes. This is particularly true considering Spotify's password policy tolerates fairly weak passwords, at time of writing. Could you please reconsider? 🙂 ❤️ Thanks.


As someone who just had their account compromised I would welcome this feature. It should definitely be necessary with pretty much any software we have today with all the data getting compromised.