In an effort to determine if music streaming services users can easily utilize strong and unique passwords, Bitwarden recently examined the top 5 music streaming services (ranked by total users).
Music streaming services are wildly popular. According to
The criteria used and the numerical grading system is the same as our previous entries for banks, social media, TV streaming, and e-Commerce. With companies like Spotify and Tidal driving conversations around their artist selection and exclusive content, it’s no wonder
These services are also easily accessible. As Slash Gear
While there aren’t many current stats available, there’s also a reasonable chance consumers utilize more than one music service. When considering this, along with the cross-platform availability of these services and the likelihood consumers are storing their financial information, the ability to easily create and manage a strong and unique password becomes top-of-mind.
Is your music streaming service password-friendly? We explore further below.
Criteria
The criteria used to assess password security are:
Does the streaming service allow passwords that are at least 40 characters?
Experts advise passwords be strong and unique, with strength being best determined by long, random passwords. In
For the purpose of this exercise, we’re specifically evaluating whether organizations allow users to create passwords that are at least 40 characters - a number we settled on because
Does the streaming service allow users to paste and autofill passwords?
This is a good thing. Password pasting enables the use of password managers, and autofill enables fast and easy logins
Does the streaming service offer two-factor authentication (2FA)?
This is a good thing. As we’ve said time and time again,
Does the streaming service allow authenticator apps?
Does the streaming service allow authenticator hardware?
These are both good.
Does the streaming service send an email informing the user of a password reset?
Does the streaming service require the user to login again using the new password?
These are both practical steps. It’s prudent to alert users to a password change they may not have authorized. Requiring them to login again is a security best practice.
Password Security Scoring System
The assessment includes a grade for each company. To determine the grade, we assigned either an ✅(good) and an X (not good) to the seven questions articulated above. For example, 7/7 ✅ is a perfect score, or 100%. A 5/7 is 71%, which is defined as ‘fair’’.
Below is a simple guide to the grading. Below that, you’ll see the grades for each bank.
Grading Guide
85-100%: Good
71-84%: Fair
0-70%: Room for Improvement
Spotify
Spotify’s does not limit password length and allows users to paste passwords, which is a password manager-friendly approach. But, there’s no reason the most popular music streaming service in the world shouldn't offer two-factor authentication (2FA).
Password Security: Room for Improvement
✅ Allows passwords ≥ 40 characters
✅ Allows users to paste passwords
⛔ Does not allow two-factor authentication
⛔ Does not allow authenticator apps
⛔ Does not allow authenticator hardware
✅ Informs users of password reset
⛔ Does not require login using new password
PASSWORD SECURITY SCORE: 42%
Apple Music
Apple Music fares better than Spotify, albeit in different categories. It does enable 2FA and allows for the use of authenticator hardware. But, shouldn’t one of the most privacy-obsessed companies around be hitting it out of the ballpark?
Password Security: Fair
✅ Allows passwords ≥ 40 characters
✅ Allows users to paste passwords
✅ Offers two-factor authentication
⛔ Does not allow authenticator apps
✅ Allows authenticator hardware
✅ Informs users of password reset
⛔ Does not requires login using new password
PASSWORD SECURITY SCORE: 71%
Tidal
Even Beyonce exclusives can’t save Tidal. While it’s friendly to password managers, it falters in four categories. Similar to Spotify, it needs to get on board the 2FA train.
Password Security: Room for Improvement
✅ Allows passwords ≥ 40 characters
✅ Allows users to paste passwords
⛔ Does not allow two-factor authentication
⛔ Does not allow authenticator apps
⛔ Does not allow authenticator hardware
⛔ Does not inform users of password reset
✅ Requires login using new password
PASSWORD SECURITY SCORE: 42%
Amazon Music
Amazon Music gets points for its decision not to limit passwords and allow for password pasting. But, it should be savvy enough to know that 2FA is a key component in keeping data secure.
Password Security: Room for Improvement
✅ Allows passwords ≥ 40 characters
✅ Allows users to paste passwords
⛔ Does not allow two-factor authentication
⛔ Does not allow authenticator apps
⛔ Does not allow authenticator hardware
✅ Informs users of password reset
✅ Requires login using new password
PASSWORD SECURITY SCORE: 57%
YouTube Music
The other services should take a page from YouTube Music, which comes out on top. The category where it receives a markdown is a relatively easy fix. Perhaps we’ll see improvement in the coming months?
Password Security: Good
✅ Allows passwords ≥ 40 characters
✅ Allows users to paste passwords
✅ Offers two-factor authentication
✅ Allows authenticator apps
✅ Allows authenticator hardware
✅ Informs users of password reset
⛔ Requires login using new password
PASSWORD SECURITY SCORE: 85%
Conclusion
As the blog makes clear, these services have room for improvement when it comes to password security protocols for their customers.
Consumers who are using one or multiple streaming services should prioritize using strong and unique passwords (and different passwords for each site, as password reuse can compromise multiple data sources) and deploying 2FA solutions where possible (props to Apple Music, Spotify, and YouTube Music).
So, how did your favorite music streaming service perform? Follow
Ready to get started with a password manager today? Quickly get set up with a