Announcements

Help Wizard

Step 1

NEXT STEP

[All Platforms][Other] 2-Factor Authentication

Spotify should, as a matter of good practice and safety, implement 2-step authentication.

 

Previously, Spotify enabled the option to log out other sessions other than the current session.

 

This would prevent hackers from stealing accounts, which would additionaly lead to less account hacks and less work for Spotify employees to assist in these cases.

 

More info: https://twofactorauth.org

Updated on 2018-10-18

Hi everyone, thanks for bringing us your feedback in the Spotify Idea Exchange. We’re ready to mark this idea as ‘Under Consideration’. 

 

We are currently investigating various solutions for account security for our users, e.g. 2-factor authentication. Any news regarding user-facing security updates will be posted to this thread as a status change.

 

If you'd like further information about protecting your account please visit our Support Site here.

Comments
p2oi3x_-o0lkl

Bump, +1 for YubiKey support please; and a +10 for no pointless SMS implementation

 

Edit:

I've just noticed this was requested in Jan 2015... for a company dealing with payment information it's a joke that some form of MFA hasn't been implemented, especially given how trivial it is. Yes, YubiKey support is an extra hurdle; but TOPT has long been standardised.

Jekkelock

Is this a joke?

I can develop a simple 2fa system as a first year computer science student. And they PAY these people with years of experience to have useless meetings while they cant add a core security feature since 2015. Elon should buy spotify and fire 85% of the staff there

aidanhak

How is it that Artists can enable 2FA on the same exact page as users, but we still don't have 2FA yet as users? What the heck is the hold up?

ParentalControl

Maybe even utilizing passkeys from apple and chrome.

Flagg2kj

It seems that because of the fact that Spotify users are able to sign out of their account from all existing devices instantly, Spotify may think this is more than enough “security” and it’s better than nothing.  
Spotify: “Hey, be happy you have crossfade!”

Soebren

I really do not understand why you are not doing it, you are just postponing it by saying "we have passed it through to the security team etc etc".

At this point Spotify does not have a good excuse or/and reasoning for not providing the multi factor auth option. 

The budget is there, the necessity for the technology is there, the people that want it are here. The only thing that is not there is Spotify that can't get their priorities straight. 

As an IT'er and someone to whom music means a whole lot, I am constantly being tempted to change music platforms, and it will not take very long before I change.

Artists that are way underpayed, Spotify Connect that has a clear limit on the amount of devices to whom the qeue is synced, No option to see logged in devices, no MFA, absolute garbage shuffle algorithm...

 

Myldosz

Not to mention that you don't even get to know if someone did make changes on your account if they get in. For exaple what discord  or facebook account you have connected to your accout.

boredmen

Hey Spotify!

I've been a loyal customer for many years, but the way that you've been dragging your heels on this has me considering your competition... Don't leave us waiting for an update for 5 years after marking it "Under Consideration"

edocastri

I'm having random account access from other countries even with a secure random generated password.

Please activate Google Auth, or at least give some option to create a country blacklist ip or something.

I'm paying Spotify every month, and even free services got better security.

IMPLEMENT-2FA

At this rate, a nuclear war will probably start first before consideration is done for multi-factor authentication for your paying customers.