It seems that you're using an outdated browser. Some things may not work as they should (or don't work at all).
We suggest you upgrade newer and better browser like: Chrome, Firefox, Internet Explorer or Opera

×
Community
General discussionTwo factor authentication(38 posts)(38 posts)
(38 posts)
Pages:
1
2
3
This is my favourite topic
Posted April 30, 2015
avatar
moonshineshadow: Yeah but normally that should not be possible if a normal security is implemented here. But apparently it is not.
To be fair, password change would be the least of my concerns, it's usually fairly easy to prove to support what happened even tho it's hassle. People using my account for, say, purchasing gift codes with a stolen card or any other similar activity disturbs me far more - even tho, admittedly, I'm not sure why would someone go trough the trouble of gaining access to an account instead of just creating a fresh one. Still, I would feel safer having two layers of protection, altho I wouldn't feel a thing then. I'd last far longer tho. Something to consider.
Posted April 30, 2015
avatar
ChrisSZ: Unhide Teenagent?
Oh my, we need confirmation emails right now!!
Posted April 30, 2015
This isn't funny!

Just last week some asshole hacker got into my account and unbundled all my games!

We need to do something about this!
Posted April 30, 2015
avatar
moonshineshadow: Yeah but what can someone do with that except download the games and play them?
avatar
mobutu: I not worrying about that, I'm worried about me loosing the account and all them games ;)
Then don't rely on an online service. Download immediately anything brought, systematically order, and back up every item. I keep Excel grids on what I own, where brought etc, quarterly drive backups, two external, two internal. Relying on any online system will just lead to trouble eventually. This is the best thing about DRM free, you can do this, yourself, free to organise and keep the items you buy! Imagine a world where you can switch on a computer which isn't connected to the world wide tracker, and be able to install any of your owned software and play away!

I do however agree, that an email notification of changes to an account is in order.
Posted April 30, 2015
avatar
tinyE: Just last week some asshole hacker got into my account and unbundled all my games!
Same asshole hacker got my account too and he tripled my games!!!
Attachments:
unbndl.jpg (450 Kb)
Post edited April 30, 2015 by real.geizterfahr
Posted April 30, 2015
This thread requires a blue post.
Posted April 30, 2015
avatar
nightcraw1er.488: I keep Excel grids on what I own, where brought etc, quarterly drive backups, two external, two internal
That looks like a full time job ;)
just kidding, know about backups and related stuff ...
Posted April 30, 2015
avatar
nightcraw1er.488: I keep Excel grids on what I own, where brought etc, quarterly drive backups, two external, two internal
avatar
mobutu: That looks like a full time job ;)
just kidding, know about backups and related stuff ...
Trust me, it is to setup. But then it gets better only having to keep up to date with patches. They say you can't take it with you when you go, but I am going to sneak one of my backups in somehow :o)
Posted May 01, 2015
avatar
moonshineshadow: I don't think there are plans for this. Have never read anything about it here.
But why would you need it? No payment methods are saved here.

[edit] Since there is not even a protection against password changes, yes it would be a good thing.
I guess the question is, why not enable it? It may not contain sensitive materials like say an email account, but why should I not have the option to enable it if I so choose? It's not as if sending an additional email or sending a push notification to approve before logging in is expensive to implement. Every two factor solution out there is opt in as well, so if you choose to not enable it you certainly could. Why not further protect your customers given the option?

I guess this can't be answered for sure until the Galaxy-Client is established here. Maybe the updating system will heavily rely on it but this and online multiplayer aside, I don't see a reason to worry, I've been wrong multiple times before though.
Why would the Galaxy client matter? It's entirely possible to enable two factor on the standard GOG webpage. If it was just implemented in one place it would be sort of pointless.
Posted May 01, 2015
Now you have piqued my curiosity. How do other websites, regardless if it is gaming or not, do this?
Posted May 01, 2015
avatar
theantioch.426: I've been very happy with GOG over the years, and with the increasingly bad decisions from Valve, I will likely be increasing my purchases from here. Before I drop a pile of cash, I would like to know what plans, if any, there are for enabling two factor authentication for GOG accounts.

Edit: Can't words
And what exactly is so bad about this two factor authentication? How does it limit you, exactly?

I to an extent do not mind anti-piracy topic, as ripping games is IMO most disloyal to gaming immediate or long term, and workers like us - none of us would particularly love our payroll being stolen, or ... you are a most principled, prole, or what? ;-)

I do expect privacy and convenience - and I am not sure if flying transatlantic would allow me to go off-line and consistently play a heavy DRM title, or if ticking off "do not send gaming feedback" really sticks.

I wish I knew about the latter, because this would be a matter of principle. But on good faith principle, if one can go off-line this is fine - and there is always BG or Morrowind or Divinity etc to entertain one on-board anyway if this really is about off-line gaming on transit.
Posted May 01, 2015
avatar
real.geizterfahr: Same asshole hacker got my account too and he tripled my games!!!
I like those sunglases at the bottom.
Posted May 01, 2015
avatar
SpringPower: Now you have piqued my curiosity. How do other websites, regardless if it is gaming or not, do this?
When you log in from an unauthorized computer, they send you a randomized security code on your email which you also need to log in besides your user name and password to authorize the machine. All further log ins from that machine will work without the code. Basically, whenever you're accessing account from a new computer, the website also checks if you really are owner of email registered with that account.
Posted May 01, 2015
avatar
SpringPower: Now you have piqued my curiosity. How do other websites, regardless if it is gaming or not, do this?
avatar
Fenixp: When you log in from an unauthorized computer, they send you a randomized security code on your email which you also need to log in besides your user name and password to authorize the machine. All further log ins from that machine will work without the code. Basically, whenever you're accessing account from a new computer, the website also checks if you really are owner of email registered with that account.
How does it track that the computer is "authorized"?

At least on Steam, it seems I have to re-enter that damn code every damn time I want to enter the site through a web browser. Is it possibly using e.g. cookies to track it? I've set Firefox to wipe out all the offline crap (caches, offline data, cookies, history etc.) whenever I close the browser, as some sites use them for purposes I don't want them to (like limiting how many times per week I can access their pages, etc.), and also make sure all personal data (browsing history, saved passwords etc.) are also deleted when I close the browser. I wouldn't want e.g. my wife to enter different sites with my account just because I forgot to log out. Not to mention the case when I was able to access and read my friend's personal emails, just because he had used my PCs web browser to check them. That wouldn't have been possible if the browser had deleted all cached data when he closed browser.

I'm for GOG checking via email if you or someone else tries to change the account password (that just makes sense, and I am surprised if GOG doesn't so that already now). I'm against that "enter the code all the time" shit which is present in Steam.

Of course, in Steam it is now less important to me because I simply don't access their site with web browsers anymore. Only with the client (where I don't apparently even have an option to delete any tracking cookies automatically and whatnot). Fine by me I guess, as the client is not used for anything else besides accessing the Steam site.
Posted May 01, 2015
avatar
timppu: I'm against that "enter the code all the time" shit which is present in Steam.
Settings -> Account -> Disable Steam Guard. That's precisely what I want GOG to do as well.
Pages:
1
2
3
This is my favourite topic
Community
General discussionTwo factor authentication(38 posts)(38 posts)
(38 posts)