In 2015, Spotify user ThomasVH suggested that the company should enable two-factor authentication for user accounts. By then, two-factor authentication methods had become commonplace, especially after Mat Honan’s 2012 Wired article and loud calls for its adoption across the web in 2013.
Well, after two years of no activity, ThomasVH’s suggestion received an answer from Meredith at Spotify:
Hey @ThomasVH we’ve revisited this idea with the teams behind logging into Spotify. We’ve decided not to move forward with two-factor authentication at this time.
Last year, Sarah Perez of Techcrunch rightfully pointed out that a combination of password re-use and a lack of two-factor authentication lead to hundreds of Spotify accounts being compromised. User names and passwords for Spotify Premium show up all the time on illegitimate message boards. Password re-use is a problem, of course, but Spotify’s lack of willingness to implement a reasonable — if imperfect — precaution to protect accounts exacerbates the issue. They need to do better.