What a joke. 10 years down the line and nothing from Spotify whatsoever, excluding a page that briefly allows you to see 2FA options before redirecting. This is embarrassing from such a mature company in this day and age. 

I got hacked on April 26th 2025
Why TF is 2FA not enabled in 2025!

I also got my account hijacked today, which was already the 2nd time, the same happened several years ago. I fail to understand why 2FA still is not possible for spotify accounts

Guys, those of you facing frequent hacking attempts on your Spotify account, please use long passwords. Only part of it needs to be randomly generated characters. The hackers don't know which part are the tricky characters (don't use the beginning or end of the password) or the length of your password. Entropy is very high.

As long as you use good passwords, 2FA is mostly not necessary. Spotify internally should be locking down IP's which attempt to bruteforce passwords, with longterm blocks for those doing so regularly.

Apparently the situation is bad enough that Spotify is forcing login OTP by email now, which I loathe. It's almost a reason to leave Spotify (the main reason would be the poor royalty split to artists, but my partner refuses to look elsewhere and Spotify's weekly and new releases playlists help me to more new music than any other service, and I've tried them all).

Now that we can remove the password, spotify has implemented a new log in page. It now sends a one time 6 digit code to your email that's on file which is a nice feature improving security as long as you keep your email two factor secure.

Great job spotify.

Uncoy dont lie to people. Its unethical and unprofessional. Maybe you should actually research actual proper cybersecurity best practices before you spread misinformation

 Thanks

Soc analyst comptia cysa and security+

my main spotify account has been hacked TWICE.  we NEED 2-Factor Authentication.

You are creating a topic on community to see how many people wants to see 2 Factor Authentication. It's 2025 and I couldn't believe this is even being discussed. The way it being discussed is disgusting.

It is really worrying that in 2025, Spotify (a leading tech company) still does not offer 2FA account security to all users.

Right now a lot of old legacy companies that are usually not very advanced in tech are now adding Passkeys to their website and apps. Not just 2FA, but jumping to the latest security standard which is Passkeys.

Spotify shouldn't just be adding 2FA now, but now also Passkeys.

The time is now, please add better account security.