Spotify Security

[edussz]

Hi guys.. Last week, just a day after I signed for a premium account, my spotify was hacked. Someone changed my email, and the type of account to family. After searching the web, I found multiple threads of this type of behavior.
So after contacting them and getting everything sorted, I started researching security measures to prevent this from ever happening again. And to my surprise, I found out that Spotify has no 2-Factor Authentication what-so-ever!

Futher than that, just last month, they decided to cancel this all together as non essential function.
https://community.spotify.com/t5/Live-Ideas/2-factor-authentication/idi-p/1017889
How can a company of this size care so little about security? I'm dumbfounded by this...

Any of you had this kind of experience with them?

[ItsMitch]

Who needs security in 2017 lul, that's so 2012

[terrytek]

I found 2 factor authentication too much of a hassle, so I really despise it. But I haven't been hacked on spotify at all, so don't take my opinion. 

[LHJKO]

2 factor authentication on an app thats supposed to be open it play music easy  who tf is going out of there way to hack soptify accounts what are they getting out of it a 5$ subscription 

[.spider.]

I do not really see the benefit of 2FA for services like Spotify or Netflix. 

[RyanChase]

As an option, it is always great to have the option. I have 2step on my Apple Watch and it works great!

[ProjectBox153]

I think it's great as an option (I use it on LTT) but I've had Spotify for years and years now with no such issues. 

[divito]

I don't like 2-factor authentication for the extra hassle it involves. I suppose it's alright for piece of mind, but in practicality, it's not helping my experience and/or efficiency.

[SansVarnic]

I use 2FA in a lot of things, but I do a lot of stuff that pretty much requires it ... I also use long passwords 11-50 character passwords [I know impossible to remember] but that is what I do, commonly 2FA is not necessary for the common user.

[IKnight]

2FA can go screw itself. It complicates your life for no point. I don't really care if my accounts are hacked, granted. 

[Beef Boss]

I've had almost every account of mine hacked. Online games, YouTube, twitch.. Not this one though. 

2FA is a great option, it's a hassle but theres compromises to be taken with security. 

[Tsuki]

lets be honest, if they  can get into our spotify, they can get into your email to past 2fa. its worthless and either just confuses or annoys most users.

2FA only exists to make you feel safer, it doesnt actually do anything.

 

besides, its spotify, who cares? cancel the $5 sub, create a new account, follow the old one to see the playlists and port it over. takes less than 10 minutes.

[.spider.]

6 hours ago, Tsuki said:

 

2FA only exists to make you feel safer, it doesnt actually do anything.

That's not true.

If 2FA is implemented well it's strengthen the security a lot.

[Tsuki]

48 minutes ago, .spider. said:

That's not true.

If 2FA is implemented well it's strengthen the security a lot.

if i have access to your email(which if im actually targetting you, i do), or i can spoof your phone number(not as hard as it sounds), then 2FA is worthless

[.spider.]

2 hours ago, Tsuki said:

if i have access to your email(which if im actually targetting you, i do), or i can spoof your phone number(not as hard as it sounds), then 2FA is worthless

You don't have access to my E-Mails and the login is secured by a 2FA TOTP. Thus having access to my short messages which is highly difficult to get won't help you.