Spotify should, as a matter of good practice and safety, implement 2-step authentication.


Previously, Spotify enabled the option to log out other sessions other than the current session.


This would prevent hackers from stealing accounts, which would additionally lead to fewer account hacks and less work for Spotify employees to assist in these cases.


Updated on 2018-10-18

Hi everyone, thanks for bringing us your feedback in the Spotify Idea Exchange. We’re ready to mark this idea as ‘Under Consideration’. 


We are currently investigating various solutions for account security for our users, e.g. 2-factor authentication. Any news regarding user-facing security updates will be posted to this thread as a status change.


If you'd like further information about protecting your account please visit our Support Site here.



Spotify should alter its security system design to allow for 2-Factor Authentication or have a method in place to allow for users to confirm that they are indeed the one logging into a device.


Reason for Request:

I like to use Spotify at work. My work has very strict network security measures in place and as such utilizes a private network and proxy. Every time that I log into the desktop Spotify App on my work computer, I receive the following email 6-7 hours later:



I've lost count of the number of times that I have received this email and have had to reset my password as I'm trying to use Spotify on my phone after my drive back from work.


The email offers no way to inform Spotify that this was in fact you but only demands you reset your password. I would have even been willing to pay the extra 5$ (VERY begrudgingly) for Duo thinking that maybe if Spotify thought I had 2 accounts they wouldn't bother me but when I asked Spotify customer support, they stated that the level of my subscription plan would not fix this issue for me.



2-Factor Authentication is almost universal and a necessity in today's day and age. Additionally, most applications today allow for some sort of confirmation via the user's email or text asking for confirmation of login or at the very least warning of suspicious activity BEFORE enforcing a pure reset and logout. Implementing either of these solutions would not only supplement the existing account security safeguards but also save me the pain of resetting my password for a 50th time.


We can now remove the email and password sign in method from our account and strictly use a third-party sign in provider that has two-factor authentication set up such as Google, Facebook or Apple.


Going to log in method you will see the option to trash bin the email and password option removing this junky sign in method.


I support your wonderful idea. I want to add another option, which is to change my email, except by sending a code message to an email that has been verified as changed. 


I propose the addition of 2-Factor Authentication (2FA) as an optional security feature for Spotify accounts. 2FA has become a standard practice for online security and offers an additional layer of protection for user accounts. In today's digital landscape, ensuring the safety of user data is of utmost importance, and 2FA can help accomplish that.
Here are some key benefits of implementing 2FA:
Enhanced Account Security: 2FA prevents unauthorized access, even if someone obtains a user's password.
User Trust: Offering 2FA as an option demonstrates Spotify's commitment to user privacy and security, building trust and confidence in the platform.
Peace of Mind: Users can enjoy their music without worrying about the security of their accounts.
I believe this is a feature that many users are actively seeking, and it could greatly enhance their Spotify experience. I kindly request that you seriously consider this suggestion.

I would not like to use my account with Facebook/Google/Apple due to privacy concerns. I would like to keep on using an account which is not shared by third parties as I don't see the need for sharing my Spotify usage with them through a paid account.


I also think 2FA is necessary in 2023 as a basic authentication option.


I've been paying for almost 10 years now, am I really gonna have to cancel my sub just to make a statement!? This is ®🇪 🇹  🇦DED!! I don't want to connect my account with those other data mining companies just to have 2fa! It's a lazy solution and not welcome at all.


The best we can do (which is what I do) is to use a temporary (disposable) email. Apple’s Hide My Email is the best to do this. You don’t even have to use your real name. Anything happens, just make a new email, new name, whatever. 

Next, join for free to use virtual credit cards connected to your money account with TOTAL CONTROL.  Anything happens just delete the card. 

I’ve had this set up for a few years now. 


2fa is a standard thing across many platforms as it should be. If I'm going to be paying for something I want to have peace of mind that no one can access my account.


Boggles the mind that Spotify expects premium users to specify a credit card on a single factor authenticated account. The fact that I’m reading suggestions given like “use Facebook to sign in” is the most ridiculous solution given yet. It's like saying enter your house from the inconvenient rear steel-gated padlocked door but not from the front flyscreen only one. Like as if a hacker is going to hack your Facebook to gain access when this single factor authentication flyscreen door is still in play.


This thread has been active since 2018 and not a thing has changed. Speaks volumes