Announcements

Help Wizard

Step 1

NEXT STEP

[All Platforms][Other] 2-Factor Authentication

Spotify should, as a matter of good practice and safety, implement 2-step authentication.

 

Previously, Spotify enabled the option to log out other sessions other than the current session.

 

This would prevent hackers from stealing accounts, which would additionaly lead to less account hacks and less work for Spotify employees to assist in these cases.

 

More info: https://twofactorauth.org

Updated on 2018-10-18

Hi everyone, thanks for bringing us your feedback in the Spotify Idea Exchange. We’re ready to mark this idea as ‘Under Consideration’. 

 

We are currently investigating various solutions for account security for our users, e.g. 2-factor authentication. Any news regarding user-facing security updates will be posted to this thread as a status change.

 

If you'd like further information about protecting your account please visit our Support Site here.

Comments
Rangednare

@uncoy. It's about dataleaks and stolen accounts. You can get spotify premium for 5 dollar (one-time-payment) because of stolen accounts. You get a username and password and enjoy the premium till the owner managed to dissable the payment methode.

Or they join other people with subsciption.

 

I know 2fa isn't fully secure but you can't get that easy acces anymore and you'll know in an instant when your password is leaked so you can change it fast. Start with 2fa via email/sms. That works aswell

 

Clearly Spotify isn’t going to do a thing about this. I contacted support again on the matter and this time I didn’t recieve a generic copy-paste response. So that’s one improvement in the usual response.

they assured me that they are considering 2FA and are apparently posting updates on their progress in this thread (not that I’ve seen ANY activity from spotify support here).

I replied asking for proof that what I was told is actually happening. Support skirted around my request for any sort of proof and did not provide any.

My decision at this point is to export my playlists and such then delete my account altogether and rebuild my playlists via other means.

The lack of account security and continued failure to address the matter from support is simply not worth sticking around and I’m not about to stay and show spotify that they can get away with inaction and lies and still keep their users.

miesedaap

Come on, Spotify. It's been EIGHT YEARS since the idea was launched. You only care about artists since you gave an option for them to enable 2FA using authenticator apps. 🇪-🇮-🇬-🇭-🇹  🇫-🇺-🇨-🇰-🇮-🇳-🇬  🇾-🇪-🇦-🇷-🇸 

 

I know a lot of Telegram accounts and channels providing and selling legit combo lists that can be used for credential stuffing. 2FA protects users from credential stuffing attempts!

t3chfre4k

I just sent spotify this message in their survey:

I'm going to gather as many people I can and file a class action lawsuit, to whom who you neglected ENISA's recommendations of using multi factor authentication stated under the GDPR law.
You're handling sensitive personal data like addresses, bank account info and PayPal billing data. It could cost you €20 million, or 4% annual global turnover in fines.
You've neglected the users demand for MFA for eight years according to the idea forum thread on this matter.

 

---------

 

So if any of you users who live in Europe and have had your accounts hacked. Please write a comment here and share your story. We need to make spotify understand what they're doing is against the law, when people clearly have been subjected to Spotify's lack of user protection by not implementing Multi Factor Authentication.

walp
They don't know your PayPal credentials, only your PayPal email address.
t3chfre4k

Well ain't that cute? I'm trying to help and this wise guy comes in to point things out.

Well thank you. With credentials I didn't mean your login per se, but they have the permission to rip money straight out of your PayPal account sir. Hackers are nifty and since Spotify's security is poor af, would you feel safe knowing Spotify doesn't give a flying fork about if they accidentally let things get into hacker's hands... like the ability to bill your PayPal account on the behalf of Spotify? Well, I for sure ain't feeling too excited about their blatant behavior towards their users.

 

PS. Thanks for the comment dude. I love the constructive ones.

walp
Calm down. Not being wise, just helping you not looking stupid in front of
a court but okay, shoot the ones that are on your side..
t3chfre4k

Well, this isn't court. But thanks goose for having my back not making me look stupid in a presumptive court by making me look stupid in a public forum instead. Well, I reformulated what I meant so I hope that sorted any uncertainties. And yes I'm calm, but I'm tired of Spotify and their sh*t, and on top of that I'm not here to be outwitted by other users. I'm here to try to solve a problem for myself and others, as this is a forum where the users should stand together against Spotify. Read back if you'd like to see my capabilities on legal technicalities.

I'll take it as you wanted to help out then. No hard feelings.

walp
Oh boy these guys. Nvm, good luck then.
LordBBQBoxDaddy

I feel like this is seriously needed for them as I have had my account hacked twice now.