[Security] 2-Factor Authentication

Spotify should, as a matter of good practice and safety, implement 2-step authentication.


Previously, Spotify enabled the option to log out other sessions other than the current session.


This would prevent hackers from stealing accounts, which would additionaly lead to less account hacks and less work for Spotify employees to assist in these cases.


More info: https://twofactorauth.org

Updated on 2018-10-18

Hi everyone, thanks for bringing us your feedback in the Spotify Idea Exchange. We’re ready to mark this idea as ‘Under Consideration’. 


We are currently investigating various solutions for account security for our users, e.g. 2-factor authentication. Any news regarding user-facing security updates will be posted to this thread as a status change.


If you'd like further information about protecting your account please visit our Support Site here.


Sooo, where is it?

Not applicable

2020 will it be the year ?

Gig Goer

This idea is from several years ago and yet this still has not been implemented. What on earth is wrong with you spotify? Add it already this is standard to so many services, and desperately needed right now.


This is crazy, how does a service like Spotify NOT YET HAVE 2FA?! I've just had my account taken over, and fortunately Spotify support were very helpful and quick to give my access back. But come on...it shouldn't have been this easy to take over my account. 2FA isn't a premium feature anymore, It's basic security 101.


Regardless of what else is on your development timeline, 2FA should be at the very top. Get on to it guys...


This is desperately needed. I’m considering switching to Apple Music only because of the constant security issues. The number of posts on Reddit each day regarding accounts being hacked is frightening. People are having hackers do all sorts of weird things and it’s only a matter of time before our payment info is compromised. Spotify, you need to address this! 


Surely this shouldn’t be ‘under consideration’ - this should be standard practice?!


it's been two years.....how is this not a thing yet?




Please find my UX case study and prototype idea on two step authentication for Spotify 🙂



Not applicable

Spotify removed offline device management in the account settings and you can no longer view what devices have accses to your account anymore wow seriously wow i will never spend another dime on spotify again idc if you even add 2fa seriously **bleep** spotify no wonder user accounts get **bleep**ed what a shady greedy company

Casual Listener

I very much like janaVTL's idea of using ambiant noise as a second factor of authentication, the problem is that you may be login in at your home, or at work, or on the plane, in which the ambiant noise isn't the same. Nothing beats the good 'ol 2FA from Google which uses a key and the current time to generate a code that changes every 30sec.