[Security] 2-Factor Authentication

Spotify should, as a matter of good practice and safety, implement 2-step authentication.


Previously, Spotify enabled the option to log out other sessions other than the current session.


This would prevent hackers from stealing accounts, which would additionaly lead to less account hacks and less work for Spotify employees to assist in these cases.


More info:

Updated on 2018-10-18

Hi everyone, thanks for bringing us your feedback in the Spotify Idea Exchange. We’re ready to mark this idea as ‘Under Consideration’. 


We are currently investigating various solutions for account security for our users, e.g. 2-factor authentication. Any news regarding user-facing security updates will be posted to this thread as a status change.


If you'd like further information about protecting your account please visit our Support Site here.


Why no 2FA yet?


Spotify wrote: ->" is currently not a specific legal requirement and Spotify has other appropriate security measures in place in order to protect our user accounts from security threats"

Because contrary to the name of their support Twitter, Spotify does, in
fact, not care.

It seems like an unnecessary liability. I guess if there is no actual harm being caused to users if they get hacked, then no biggie?

Except that there is possible harm if they're able to see your payment
information as easily as they are. Also your address.

My account was recently hacked and I had to scramble to save my 10+ year old account and playlists from disappearing.  So, uh, adding my voice to the endless pit of people begging for real account security.


Given my level of frustration after being hacked right now, I 100% agree. I changed both my email and password, yet this clown is still stopping my music and playing trash repeatedly. 

Repeatedly Rick Roll your hacker at full volume.

It's 2022 y'all, over 7 years since this thread was started and Spotify still has yet to implement this basic security feature. Obviously they don't care about the account security of their (PAYING) customers. Makes me wonder how secure their platform is as a whole. How am I supposed to trust them with my personal data?

I wouldn't. That's why I use YouTube Music now 🙂

Env: prod