In an effort to determine if music streaming services users can easily utilize strong and unique passwords, Bitwarden recently examined the top 5 music streaming services (ranked by total users).
Music streaming services are wildly popular. According to Statista, the number of music streaming subscribers globally totals over 500 million.
The criteria used and the numerical grading system is the same as our previous entries for banks, social media, TV streaming, and e-Commerce. With companies like Spotify and Tidal driving conversations around their artist selection and exclusive content, it’s no wonder TikTok is considering getting in on the music streaming action.
These services are also easily accessible. As Slash Gear notes, these platforms “are filled with a constantly-updated library of music that is made remotely available across many different devices, including smartphones, smart TVs, car audio systems, and video game consoles.”
While there aren’t many current stats available, there’s also a reasonable chance consumers utilize more than one music service. When considering this, along with the cross-platform availability of these services and the likelihood consumers are storing their financial information, the ability to easily create and manage a strong and unique password becomes top-of-mind.
Is your music streaming service password-friendly? We explore further below.
The criteria used to assess password security are:
Does the streaming service allow passwords that are at least 40 characters?
Experts advise passwords be strong and unique, with strength being best determined by long, random passwords. In How secure is my password we note, "Short passwords are far more susceptible to a brute force attack, where a computer or malicious software program goes through every 8-digit combination (or more) of characters until it finds a match."
For the purpose of this exercise, we’re specifically evaluating whether organizations allow users to create passwords that are at least 40 characters - a number we settled on because passphrases, which are increasingly popular, tend to be quite long. Plus, password managers - which help people generate, store, and manage passwords - can generate much longer passwords for enhanced security that may exceed the limit.
Does the streaming service allow users to paste and autofill passwords?
This is a good thing. Password pasting enables the use of password managers, and autofill enables fast and easy logins
Does the streaming service offer two-factor authentication (2FA)?
This is a good thing. As we’ve said time and time again, two-factor authentication is more secure than simply using a username and password.
Does the streaming service allow authenticator apps?
Does the streaming service allow authenticator hardware?
These are both good. Authenticator apps and hardware add extra levels of strong protection and are more secure than SMS text messages.
Does the streaming service send an email informing the user of a password reset?
Does the streaming service require the user to login again using the new password?
These are both practical steps. It’s prudent to alert users to a password change they may not have authorized. Requiring them to login again is a security best practice.
The assessment includes a grade for each company. To determine the grade, we assigned either an ✅(good) and an X (not good) to the seven questions articulated above. For example, 7/7 ✅ is a perfect score, or 100%. A 5/7 is 71%, which is defined as ‘fair’’.
Below is a simple guide to the grading. Below that, you’ll see the grades for each bank.
85-100%: Good
71-84%: Fair
0-70%: Room for Improvement

Spotify’s does not limit password length and allows users to paste passwords, which is a password manager-friendly approach. But, there’s no reason the most popular music streaming service in the world shouldn't offer two-factor authentication (2FA).
Password Security: Room for Improvement
✅ Allows passwords ≥ 40 characters
✅ Allows users to paste passwords
⛔ Does not allow two-factor authentication
⛔ Does not allow authenticator apps
⛔ Does not allow authenticator hardware
✅ Informs users of password reset
⛔ Does not require login using new password
PASSWORD SECURITY SCORE: 42%

Apple Music fares better than Spotify, albeit in different categories. It does enable 2FA and allows for the use of authenticator hardware. But, shouldn’t one of the most privacy-obsessed companies around be hitting it out of the ballpark?
Password Security: Fair
✅ Allows passwords ≥ 40 characters
✅ Allows users to paste passwords
✅ Offers two-factor authentication
⛔ Does not allow authenticator apps
✅ Allows authenticator hardware
✅ Informs users of password reset
⛔ Does not requires login using new password
PASSWORD SECURITY SCORE: 71%

Even Beyonce exclusives can’t save Tidal. While it’s friendly to password managers, it falters in four categories. Similar to Spotify, it needs to get on board the 2FA train.
Password Security: Room for Improvement
✅ Allows passwords ≥ 40 characters
✅ Allows users to paste passwords
⛔ Does not allow two-factor authentication
⛔ Does not allow authenticator apps
⛔ Does not allow authenticator hardware
⛔ Does not inform users of password reset
✅ Requires login using new password
PASSWORD SECURITY SCORE: 42%

Amazon Music gets points for its decision not to limit passwords and allow for password pasting. But, it should be savvy enough to know that 2FA is a key component in keeping data secure.
Password Security: Room for Improvement
✅ Allows passwords ≥ 40 characters
✅ Allows users to paste passwords
⛔ Does not allow two-factor authentication
⛔ Does not allow authenticator apps
⛔ Does not allow authenticator hardware
✅ Informs users of password reset
✅ Requires login using new password
PASSWORD SECURITY SCORE: 57%

De andra tjänsterna bör ta en sida från YouTube Music, som kommer ut överst. Kategorien där den får en markdown är en relativt enkel lösning. Kanske kommer vi se förbättringar under de kommande månaderna?
Lösenordssäkerhet: Bra
✅ Tillåter lösenord ≥ 40 tecken
✅ Tillåter användare att klistra in lösenord
✅ Erbjuder tvåfaktorsautentisering
✅ Tillåter autentiseringsappar
✅ Tillåter autentiseringshårdvara
✅ Informerar användare om lösenordsåterställning
⛔ Kräver inloggning med nytt lösenord
SÄKERHETSPOINT FÖR LÖSENORD: 85 %
Som bloggen klargör har dessa tjänster utrymme för förbättringar när det kommer till lösenordssäkerhetsprotokoll för sina kunder.
Konsumenter som använder en eller flera streamingtjänster bör prioritera att använda starka och unika lösenord (och olika lösenord för varje sida, eftersom återanvändning av lösenord kan äventyra flera datakällor) och distribuera 2FA-lösningar där det är möjligt (rekvisita till Apple Music, Spotify och YouTube Music).
Så, hur fungerade din favoritmusikstreamingtjänst? Följ Bitwarden på Twitter och låt oss veta.
Är du redo att komma igång med en lösenordshanterare idag? Kom snabbt igång med ett gratis Bitwarden-konto, eller registrera dig för en 14-dagars gratis provperiod av våra affärsplaner så att ditt företag och dina företagskollegor kan förbli skyddade.
