Announcements
The Spotify Stars Program: Celebrating Values Week!

Help Wizard

Step 1

NEXT STEP

[All Platforms][Other] 2-Factor Authentication

Spotify should, as a matter of good practice and safety, implement 2-step authentication.

 

Previously, Spotify enabled the option to log out other sessions other than the current session.

 

This would prevent hackers from stealing accounts, which would additionaly lead to less account hacks and less work for Spotify employees to assist in these cases.

 

More info: https://twofactorauth.org

Updated on 2018-10-18

Hi everyone, thanks for bringing us your feedback in the Spotify Idea Exchange. We’re ready to mark this idea as ‘Under Consideration’. 

 

We are currently investigating various solutions for account security for our users, e.g. 2-factor authentication. Any news regarding user-facing security updates will be posted to this thread as a status change.

 

If you'd like further information about protecting your account please visit our Support Site here.

Comments
Apoorv_Pandey_

Looks like Spotify doesn't care

htlecso

I can't believe 2FA is not yet implemented. C'mon guys it's almost 2022. I hope our credit card data is more secured..

scaine_uk

"I hope our credit card data is more secured.."

 

Based on this thread, I wouldn't trust Spotify with such data, no. I put my payment for Spotify through PayPal. At least /that/ service has 2FA support.

 

I mean, it's 2021. What doesn't have 2FA these days? Apart from, you know, Spotify.

MalikP_EU

Do not use other payment type than PayPal .. when you use any kind of payment card .. card is still authorised even you cancel subscription. It is questionable how long it take to have card removed from system but if you send request to spotify support to remove card from system manual way they respond "ITS NOT POSSIBLE". I tried do it this way when i canceled my Premium. 

Because your card is still authorised attacker can again activate premium and with this kind of behavior you as owner are loosing power over your money.

Wubwubwooble

In all honesty I'm not using spotify *period* until 2FA is implemented, and not through Facebook because I have family that had their information stolen through Facebook through no fault of their own except that they bought a pack in one of the games on there, only to have a huge Facebook data leak happen not long after. SOMEHOW the same guy in Washington had her card information like three times. I'm positive somebody was selling credit card information.

 

To the person that said "Looks like Spotify doesn't care," you'd be correct! Despite their Twitter support account being named "Spotify Cares," they really don't. If they did then they'd have put in 2FA ages ago. 

 

Spotify has also just asked me for feedback since I've been visiting this forum kinda regularly. Enjoy the negative review I guess. They at least don't post bot responses when they get tired of**bleep** like Blizzard does.

Yocobicus

Lets have an option for 2fa (two factor authentication) visible wireless a child company of version wireless. They are not looking so good right now. I would love to help YOU keep your platform safe. In return that keeps my playlist and credit information safe. Thank you a loyal customer.

ScottAndMin

I'm all for security, but I would hope that adding 2FA wouldn't mean that I *have* to go through additional steps on my home system. I leave my computer logged into Spotify all the time, and I would really dislike having to authenticate each morning, or whatever.

For me, a big part of why I like Spotify is that it's always there, ready to play with minimal fiddling. By all means, add additional login security, but for those of us who like to remain logged in indefinitely, please don't penalize us -- make it something we can opt in or out of.

 

MalikP_EU

@ScottAndMin 

Are you using youtube on TV ? do you need login each time again and again ? No. You don't.

Still this can be option .. if you want you will activate and use 2FA / MFA. If you do not want you will not activate it.

But as I wrote youtube/ apple music ...and other services does not require to login again and again each time you want to use them so I see there no problem.

ScottAndMin
> Are you using youtube on TV ? do you need login each time again and
again ? No. You don't.

Check yt.

I know there are other implementations that don't require you to
authenticate every day. There are also implementations that time out and
require re-authentication, and you can't configure them _not_ to do that.

I'm supportive of adding 2FA (I'm very pro-security) -- but I'd be
disappointed if they implement it in a way where it's not possible to
opt-out of periodic re-authentication.

MalikP_EU

Today i got response from spotify:

 "

We understand that you have been in contact with our customer support team in relation to your account security and the security measures we have implemented to protect our users data. Whilst 2-factor authentication is one security protection we of course consider, it is currently not a specific legal requirement and Spotify has other appropriate security measures in place in order to protect our user accounts from security threats. With regards to your question about how you can extract your Spotify data and export that data to another service provider, we'd recommend that you request a download of your data. Once you’ve received it, you're free to transmit this data to the service provider of your preferred choice. If you have any further questions, please let us know. All the best, The Data Protection Office at Spotify

 

"