[Security] 2-Factor Authentication

Spotify should, as a matter of good practice and safety, implement 2-step authentication.

 

Previously, Spotify enabled the option to log out other sessions other than the current session.

 

This would prevent hackers from stealing accounts, which would additionaly lead to less account hacks and less work for Spotify employees to assist in these cases.

 

More info: https://twofactorauth.org

Updated on 2018-10-18

Hi everyone, thanks for bringing us your feedback in the Spotify Idea Exchange. We’re ready to mark this idea as ‘Under Consideration’. 

 

We are currently investigating various solutions for account security for our users, e.g. 2-factor authentication. Any news regarding user-facing security updates will be posted to this thread as a status change.

 

If you'd like further information about protecting your account please visit our Support Site here.

Comments
dj_si

I agree with the recent comments about profits and greed - after seven years it's blatantly obvious that Spotify have no intention of improving security because that would mean them spending money (i.e. cutting into profits) paying their tech team to develop, test and implement 2FA, which is something that doesn't benefit Spotify at all, only their users. Their previous comment that 2FA "is currently not a specific legal requirement and Spotify has other appropriate security measures in place in order to protect our user accounts from security threats" is nothing but pure arrogance.

 

I've worked in the IT industry for decades and have seen this all before - senior management care only about profits and ignore security until there's a major data breach, and they then make generic platitudes along the lines of "We are urgently investigating the data breach and will take steps to prevent it from happening again, but be assured that security of our users' data is our top priority", which of course is utter horse ++++ when they've consistently ignored requests for 2FA for seven years!

 

Unfortunately, dumping Spotify and switching to a different service will not make a difference regarding this issue, as Spotify clearly don't care.

It's been 7 years and still no 2FA. I'm done with Spotify.

zenwu

Having a 2015 thered running on 2022 and there's no 2FA tells you all you need to know about Spotify, recently lot of my friends who are on an annual plan got their account hacked and lost their money for the plan they paid.

 

MalikP_EU

I am using Apple music like 3rd year but last 2 months i almost every week getting mail 

 

"

Time’s ticking.
3 months for 5.99 EUR.

"

 

your spotify :D... i always put the mail to the right place ...trash 😄 .. now i start to think about to create rule...

jesusjimsa

Seven years in Under Consideration, congratulations!

Soon we will have the 10 year anniversary party for the first time users asked Spotify to add 2-Factor Authentication. Everybody who has voted for this, every hacker and every Spotify employee will be invited!

nell

Last time I posted in this thread was on December 27, 2021 (on page 60 for those who may be curious). My first post was on October 14, 2019 and my problem is both consistent and persistent.

 

Since my last post five months ago, I've had 73 e-mails to reset my password. I did not request a single e-mail to reset my password, and if I had I would certainly never do so in Russian, German, Portugese, or Finnish.

In the past 12 months, the total number of requests is well above 150. I'm sure the actual number is higher, because I've  likely deleted a few e-mails too from simple exhaustion. The whole thing really is absolutely ridiculous.

 

So my account is secured only by the safety of my password (which is, of course, as secure as I can make it). In today's digital landscape, a trash heap like Spotify's user account security should be more embarrassing.

cristiangavidia

I recommend that you use both factors and have them written down on paper in a drawer at home and another in the eraser on your computer or Mac. This way you will never lose access and you will save delays in the future with your login.

MalikP_EU

@cristiangavidia

"I recommend that you use both factors"

 

Could you explain me what are these 2 factors you wrote about ?

G_Loc

^^ "cristiangavidia" is a spam bot

MalikP_EU

Ah thanks 😄