Affiliate links on Android Authority may earn us a commission. Learn more.
Spotify finally offers 2FA support, but it's horrible
- Some Spotify users are being prompted to enter a 2FA code when logging into their accounts on a new device.
- The feature has rolled out to select accounts, but there’s seemingly no way to manage or toggle it.
- The security codes are delivered through emails exclusively, and there’s currently no way to set up the 2FA feature using a third-party app.
Spotify hacks aren’t unheard of, and numerous thieves log into premium accounts using leaked credentials. That’s to avoid paying for the service and enjoy it without ads or restrictions. The good news is that Spotify has finally listened to its users and is seemingly rolling out a 2-factor authentication (2FA) feature. The bad news is that it is unreliable, works unpredictably, and hasn’t been implemented properly.
According to a couple Reddit posts (1, 2), Spotify is now prompting some users to enter a 2FA code when attempting to log into their accounts. The service delivers the six-digit code through an email sent to the address used for registration. The user may then access their account, once the inputted email, password, and 2FA code are verified.
While having this extra layer of security is a welcome change, it’s certainly far from ideal. For starters, not all accounts are being prompted to enter a 2FA code when logging in on a new device. This suggests that the feature is rolling out gradually.
Secondly, there’s seemingly no way to manage or toggle the feature in your account settings, and it doesn’t necessarily ask for a code every time you attempt to sign in. Last but not least, you can’t set up the 2FA feature for your Spotify account using a third-party app; you’re limited to the default email delivery method.
Funnily, Spotify already offers artist accounts a proper 2FA feature with support for third-party apps and SMS delivery. So, technically speaking, it should be relatively simple for it to bring the same execution to consumer accounts, but it chooses not to. Whether the newly added, subpar 2FA feature will evolve in the near future is yet to be seen.