Bitwarden-Blog

Industry Leaders Security Rankings: Music Streaming Services

verfasst von:
Bitwarden
veröffentlicht am:
27. Dezember 2022

In an effort to determine if music streaming services users can easily utilize strong and unique passwords, Bitwarden recently examined the top 5 music streaming services (ranked by total users).

Music streaming services are wildly popular. According to Statista, the number of music streaming subscribers globally totals over 500 million. 

The criteria used and the numerical grading system is the same as our previous entries for banks, social media, TV streaming, and e-Commerce. With companies like Spotify and Tidal driving conversations around their artist selection and exclusive content, it’s no wonder TikTok is considering getting in on the music streaming action. 

These services are also easily accessible. As Slash Gear notes, these platforms “are filled with a constantly-updated library of music that is made remotely available across many different devices, including smartphones, smart TVs, car audio systems, and video game consoles.”

While there aren’t many current stats available, there’s also a reasonable chance consumers utilize more than one music service. When considering this, along with the cross-platform availability of these services and the likelihood consumers are storing their financial information, the ability to easily create and manage a strong and unique password becomes top-of-mind.

Is your music streaming service password-friendly? We explore further below.

Criteria

The criteria used to assess password security are:

Does the streaming service allow passwords that are at least 40 characters?

Experts advise passwords be strong and unique, with strength being best determined by long, random passwords. In How secure is my password we note, "Short passwords are far more susceptible to a brute force attack, where a computer or malicious software program goes through every 8-digit combination (or more) of characters until it finds a match."

For the purpose of this exercise, we’re specifically evaluating whether organizations allow users to create passwords that are at least 40 characters - a number we settled on because passphrases, which are increasingly popular, tend to be quite long. Plus, password managers - which help people generate, store, and manage passwords - can generate much longer passwords for enhanced security that may exceed the limit. 

Does the streaming service allow users to paste and autofill passwords?

This is a good thing. Password pasting enables the use of password managers, and autofill enables fast and easy logins

Does the streaming service offer two-factor authentication (2FA)?

This is a good thing. As we’ve said time and time again, two-factor authentication is more secure than simply using a username and password. 

Does the streaming service allow authenticator apps?

Does the streaming service allow authenticator hardware?

These are both good. Authenticator apps and hardware add extra levels of strong protection and are more secure than SMS text messages. 

Does the streaming service send an email informing the user of a password reset?

Does the streaming service require the user to login again using the new password?

These are both practical steps. It’s prudent to alert users to a password change they may not have authorized. Requiring them to login again is a security best practice. 

Password Security Scoring System

The assessment includes a grade for each company. To determine the grade, we assigned either an ✅(good) and an X (not good) to the seven questions articulated above. For example, 7/7 ✅ is a perfect score, or 100%. A 5/7 is 71%, which is defined as ‘fair’’.

Below is a simple guide to the grading. Below that, you’ll see the grades for each bank.

Grading Guide

85-100%: Good

71-84%: Fair 

0-70%: Room for Improvement

Spotify

Spotify password security score |

Spotify’s does not limit password length and allows users to paste passwords, which is a password manager-friendly approach. But, there’s no reason the most popular music streaming service in the world shouldn't offer two-factor authentication (2FA).

Password Security: Room for Improvement

✅ Allows passwords ≥ 40 characters

✅ Allows users to paste passwords 

⛔ Does not allow two-factor authentication

⛔ Does not allow authenticator apps 

⛔ Does not allow authenticator hardware 

✅ Informs users of password reset 

⛔ Does not require login using new password 

PASSWORD SECURITY SCORE: 42%

Apple Music

Apple Music password security score |

Apple Music fares better than Spotify, albeit in different categories. It does enable 2FA and allows for the use of authenticator hardware. But, shouldn’t one of the most privacy-obsessed companies around be hitting it out of the ballpark?

Password Security: Fair

✅ Allows passwords ≥ 40 characters

✅ Allows users to paste passwords 

✅ Offers two-factor authentication

⛔ Does not allow authenticator apps 

✅ Allows authenticator hardware 

✅ Informs users of password reset 

⛔ Does not requires login using new password

PASSWORD SECURITY SCORE: 71%

Tidal

Tidal password security score |

Even Beyonce exclusives can’t save Tidal. While it’s friendly to password managers, it falters in four categories. Similar to Spotify, it needs to get on board the 2FA train.

Password Security: Room for Improvement

✅ Allows passwords ≥ 40 characters

✅ Allows users to paste passwords 

⛔ Does not allow two-factor authentication

⛔ Does not allow authenticator apps 

⛔ Does not allow authenticator hardware 

⛔ Does not inform users of password reset 

✅ Requires login using new password

PASSWORD SECURITY SCORE: 42%

Amazon Music

Amazon Music password security score |

Amazon Music gets points for its decision not to limit passwords and allow for password pasting. But, it should be savvy enough to know that 2FA is a key component in keeping data secure.

Password Security: Room for Improvement

✅ Allows passwords ≥ 40 characters

✅ Allows users to paste passwords 

⛔ Does not allow two-factor authentication

⛔ Does not allow authenticator apps 

⛔ Does not allow authenticator hardware 

✅ Informs users of password reset 

✅ Requires login using new password 

PASSWORD SECURITY SCORE: 57%

YouTube Music

YouTube Music password security score |

The other services should take a page from YouTube Music, which comes out on top. The category where it receives a markdown is a relatively easy fix. Perhaps we’ll see improvement in the coming months?

Password Security: Good

✅ Allows passwords ≥ 40 characters

✅ Allows users to paste passwords 

✅ Offers two-factor authentication

✅ Allows authenticator apps 

✅ Allows authenticator hardware 

✅ Informs users of password reset 

⛔ Requires login using new password

PASSWORD SECURITY SCORE: 85%

Conclusion

As the blog makes clear, these services have room for improvement when it comes to password security protocols for their customers. 

Consumers who are using one or multiple streaming services should prioritize using strong and unique passwords (and different passwords for each site, as password reuse can compromise multiple data sources) and deploying 2FA solutions where possible (props to Apple Music, Spotify, and YouTube Music).

So, how did your favorite music streaming service perform? Follow Bitwarden on Twitter and let us know.

Ready to get started with a password manager today? Quickly get set up with a free Bitwarden account, or sign up for a 7-day free trial of our business plans so your business and company colleagues can stay protected.

Industry Leaders Security Rankings Series

Auf dieser Seite

Zurück zum Blog

Noch heute mit Bitwarden loslegen

Kostenloses Konto einrichten
Sprache
© 2023 Bitwarden, Inc.
NutzungsbedingungenDatenschutzerklärungSitemap