Two Factor Authentication (2FA) for Deezer

I have someone compromise my account and change the email address simply by know the password. Fortunately, Deezer support helped me fix the problem and I changed the password to a more secure one, but in my opinion 2FA should be implemented specially that our credit cards and whatnot are linked to the account.

Alternatively, email and password change should be confirmed by the registered email before it is implemented.

Hi there @lordofthefigs 

Thank you for your support. We're actually looking into this and other options to improve security, due to issues like the one you've had. It's very important to have your feedback so that the suggestion can take more priority 

Hi,

my account was hacked last year and I was lucky that I found out within minutes.

2FA would really help to improve security.

Also for the family account it would be nice to have different log ins so you can use a more complicated password.

Thank you :-)

Hi again @gandolf_wizard 

2FA is a good shout, we're aware we need to do something to do with authentication.

Regarding Deezer Family, don't worry, that one is coming soon 

I don’t remember if Deezer tells you that your password is insecure when you are creating an account on Deezer. If is not:

1. Tell user that his/her password is fragile. Don’t allow typical passwords like Deezer, user, music, 1234,etc.  Write a new one with symbols, numbers, capital letters, and at least 14 characters.
2. When changing password: don’t allow old ones and follow instructions of point 1.
    

More security things:

• Tell users if their accounts have been hacked, to change password even if they haven’t been compromised.
• Tell Deezers to change passwords every year. So brute force attacks have to start again.
• option to close Deezer when you leave app => use password, biometric data for a fast log in.
• Close Deezer if it hasn’t been used in 2 days, for example.
• If you have already log in in a device, and you want to do the same in a second one, create a number in first device and verify it in the second. Or just at windows with “are you the one who’s logging in that device?”
• Unlock Deezer with pre-registered devices, like headphones you use.
  
  Your turn

We're actually developing new measures to cover some of the security suggestions you made there @walker 

I had to highlight your user recommendations as well 

Update needed.

I work in IT and I know for sure 2FA is almost a must when personal information… account details… I use 2FA on my Google account as well. This is ridiculous it’s not online by now already.

I don’t mind if someone will know what music I listen, I can show you my playlists, but personal details. Please. Make 2FA on Deezer, with a possibility to use it only on new devices. Thanks.

Thanks for supporting this idea too @hpguru 

This is on our backlog for a while now, hopefully we can add it to Deezer in the near future 

Any updates on this?

In today’s modern world, 2fa is not a feature - its a requirement. Particularly with EU IT standards, which now include higher levels of basic security, that includes 2fa for all user accounts.

It is this reason alone as to why I am not subscribing at this point. Implementing 2fa means you beat spotify and other providers to the punch and it can even be used as a usp for your product. If you provide 2fa, I will subscribe with confidence knowing that the chances of my account being hacked are minimal. 

Having had my account hacked on spotify multiple times, I was optimistic about changing music streaming supplier. Checking these support forums, it seems people regularly get their accounts hacked on Deezer also. Because of that, it seems I am only left with Apple and Tidal who use 2fa, neither of which have particularly brilliant new music auto selections. Deezer has the best, however without 2fa I cannot subscribe.

Is it possible to give a time frame on implementation on this?

For the love of God implement 2fa 3 years is way too long! Have your dev team lost their minds?! I've only had my account for less than a month and I'm already seeing someone else's music in my F-ing feed, please, please, please add 2fa, this is completely ridiculous!

@KC king collin Lol I don’t we’re ever gonna see it. Been 3 years with them saying soon. Though it’s probably because they have other things to do that they view more valuable and this is pretty far down their “things to do” list or something.

Yeah just implement it already, the whole internet already has it. So why not?