[Security] 2-Factor Authentication

Spotify should, as a matter of good practice and safety, implement 2-step authentication.

 

Previously, Spotify enabled the option to log out other sessions other than the current session.

 

This would prevent hackers from stealing accounts, which would additionaly lead to less account hacks and less work for Spotify employees to assist in these cases.

 

More info: https://twofactorauth.org

Updated on 2018-10-18

Hi everyone, thanks for bringing us your feedback in the Spotify Idea Exchange. We’re ready to mark this idea as ‘Under Consideration’. 

 

We are currently investigating various solutions for account security for our users, e.g. 2-factor authentication. Any news regarding user-facing security updates will be posted to this thread as a status change.

 

If you'd like further information about protecting your account please visit our Support Site here.

Comments
MralexH
Newbie

This has to be addressed ASAP Spotify! why are we paying for a service if it hasn't a proper security system?

vamillion92
Newbie

Hi guys, 

from a software developer's perspective, which I personally take, I understand the problems of handling a 2FA and creating a proper setup for mobile, web, tablet, etc. and NO, I won't go into details ;)!

Nonetheless, from a security standpoint, I agree with everyone here who says that 2FA is a must these days.
It's often the problem that developers, this is a rule of thumb for almost all software developers by the way, tend to worry about security at the end rather than the beginning.

With a little over 7,000 positive votes, and I'm guessing there would be more if people thought a little more about what they were doing on the WWW, and especially those in middle age knew what 2FA is all about, you should start working on it. I've definitely seen a few ideas, e.g. Google Auth, etc. (haven't read all the comments).

Also, I don't think everyone wants to see this set up correctly in the next 3 weeks.
But bringing it into your sprints is a clear recommendation!

 

By the way, this issue was rised in 2015, we got 2021 so you shoud think of it a bit FASTER!

 

If you want, you can send me a PM to discuss my comment in detail.
And because it's already too long!!!
Thanks for the great work you have done so far, because I must say it's a great platform!

 

Wubwubwooble
Newbie

At this moment in time, if someone were to guess your password, they would then have the ability to change it then and there, change the email associated with your account, quite possibly your username as well, -and- view your home address if you were unlucky enough to put that in. The first three items make it nearly impossible to recover the account, then you're just paying for Premium for some stranger.

 

In all honesty, I have no idea whatsoever why 2FA still hasn't been implemented with Spotify. I've been wanting to buy Premium for quite some time now, however the risk of losing my account in just three simple steps always stops me. I'm not putting my credit card information in a platform that doesn't have any sort of apparent security settings, especially after seeing dozens of horror stories of people getting hacked online.

 

So, uh... Yeah. Please implement two factor authentication, or I will continue to not buy premium. I'm sure there's hundreds if not thousands out there like me. 

MattSuda
Rock Star 24
Rock Star 24

Seriously!? What is taking so long to implement 2FA account security?

 

There are users being hacked and artist pages being hacked and vandalized.

 

Did you know there is no additional account security for most artists? Someone can just hack into an artist's Spotify Artists account with just username and password and vandalize their Spotify artist page.

 

Spotify now requires some users to enter their address for billing purposes. If someone hacked your account they could also see your address. The list goes on and on why we need 2FA account security...

 

This should be a top priority! Please implement 2FA! Almost every other platform already has 2FA to protect users and creators / artists.

tpohlsch
Newbie

Fun fact: the "Security / Protect your account" page in a nutshell reads: "use what everybody else is offering to contribute to account security, because we're to **bleep** lazy to do more than the bare minimum ourselves..."

TTarik2
Newbie

I have had my account hacked a couple of times, and I cannot fathom why Spotify doesn't have 2FA.

 

The security tips that they provide are not enough to stop potential hackers from accessing your account and data. Also, the button to sign out everywhere isn't helpful to stop hackers unless you know someone is/has logged in to your account. There is also nothing stopping them from changing your password and email making you unable to access your account, which could be even worse than it already is (I assume) if you are a premium user.

 

The fact that they haven't done something on this matter since 2018 says to me that they don't care about consumer safety, especially since it doesn't take 2-3+ years to develop a 2FA system (though I'm not an expert on that).

 

I, personally, can only hope that they add 2FA sooner than later. 😕

MalikP_EU
Newbie

I wrote like month ago on their twitter. Depending what they answered me they are are satisfied with security they have and not going to implement 2FA or other MFA soon. They do not even consider it .. So just stop using this *** service and migrate self to another service provider .. google music, apple music or other provider.

GrowthOverProfit
Newbie

Oh hi, thanks for checking in. Spotify still doesn't support 2FA.

Not like people have been requesting it for over half a decade or anything.

MalikP_EU
Newbie

You can use this free service to migrate playlists from spotify to other service https://www.tunemymusic.com/

Do not waste time.

G_Loc
Gig Goer

^^ This.  Drop Spotify.  They don't care about security since they make money from whoever is streaming, be it a legit account holder or someone using stolen credentials.