Keep it clean
If you believe that a wish duplicates another one or is not meant for the category, use Options button above to report a duplicate or spam.
Add your wish
If there is an item you wish to have on GOG.com and it’s not yet on the wishlist, please add your wish
Two-Factor Authentication / SMS Security / 2FA completed
E-mail 2FA is a joke. I spent a weekend trying to log-in. E-mail message was in a limbo - it took more than 15 minutes to appear in spam folder. I was cut off from my account because I wanted to be more secure. Please consider implementing FIDO/TOPT
THIS IS NOT COMPLETED!! GIVE US TOTP 2FA.
It's 2024 GOG. Where is the 2FA OTP option?
E-mail 2FA isn't the best option. SMS is even worse. We need 2FA with an authenticator app.
The current email 2FA implementation is just not good enough, email is way too slow.
We need real 2FA like FIDO or HOTP/TOTP.
Show us WHERE we said we wanted Two step login? we all want Two factor authentication meaning using authenticator apps on our phones to put the codes in to log into our accounts. Who assumed that this is what we wanted when you KNEW what we wanted was to use authenticators!
Who flagged this completed? It's not.
Receiving a code at the same email address you use to log in is not a second factor - especially because the email can take upwards of half an hour to be received. An expired code is useless. Please implement TOTP.
The other thread: www.gog.com/wishlist/site/add_google_authentication_option
How can this be marked as completed? There is still no option for FIDO2 2FA. Not even SMS option but FIDO2 would be much better given TN spoofing issues.
Another thread about this same issue.
The current email 2FA implementation is just not good enough.
We need real 2FA like FIDO or HOTP/TOTP.
You really need to implement proper industry standard time based or FIDO 2FA. This is a basic requirement and makes me question buying more games with you guys.
And here I am literally locked out on my desktop bc the 2FA mail isn't arriving :] fantastic job...
How this isn't a thing confuses me. We need more security than just an email.
this needs more attention
Just went through a 2FA fiasco with e-mail codes not reaching me. The incredible advice was check your spam folder. Gee, I wish I had thought of that. After three e-mails to support it just magically starts working again (3 days later). A better system should be implemented ASAP and I agree it should not be marked as completed.
Guys 2FA with an authentication app is superior to an email why isn't it an option already it's 2023 and I wouldn't want my library to actually be secure
not spending one cent here until this is properly implemented
I would appreciate a 2FA app!
I am willing to install a GOG made one - if that is the option...
The topic sayes "completed" though I just disabled 2FA and hoped I could use my password manager, but no, only email.
Why does it say its completed, when in reality it ISNT, what is going on?
Please let us use an app based 2FA method
Yes, something other than email, which is while protected, is a joke.
Finally just finished building a new gaming pc and because of your shitty TFA (which activation happened WITHOUT my CONSENT!) I CAN'T PLAY CP77 over the next days - whiuch was my christmas highlight! SUPER FED UP WITH FRICKING GOG. UX bad as fuck! Basically I want my money back. and just buy it somewhere else. Such kinda UX should not get rewarded.
FIDO2 when? TOTP when?
I have it enabled, and was just able to change my account email with out it asking for their MFA. SUPER YIKES!
Their implementation doesn't even work. If you have any gog cookie stored on your machine it never asks for it. PASSWORD RESETS don't ask for it either. Mind Blown how bad their security is. No wonder their source code was stolen with this attitude. Might as well hang a "hacker's welcome" sign on the homepage.
It's 2021; you guys seriously need more than email-only MFA.
Is this truly completed or are there still no other options beside the e-mail 2FA solution?
Please give us token based 2FA. The email method is broken. I CAN"T PLAY CYBERPUNK!
This is not proper MFA.
I know you are in china or indonesia or eastern europe where security doesnt mean anything but please add token based MFA.
Why is this still not a thing, please, even my frigging email already got TOTP, why can't this be a thing for a huge major game selling platform like this?
You really really need something modern here.. TOTP at the very least. Fido2 CTAP2 ideally.
Absolutely ridiculous there isn't 2FA support, SMS is crap and a pain to implement so screw it. 2FA however is much simpler and more secure!
This shouldn't even have to be a discussion.
Also the fact this is falsely marked as completed... Are we even being heard?
Pretty disappointing that literally half a decade after this was requested, there's still no proper 2FA. Email's better than SMS, but a proper authenticator would be best.
Please, allow TOTP.
WE WANT TOTP!
pls add Authy as a 2FA !
I have seen runescape private servers with phone authentication. I am sure a company as big as CD Projekt Red can do it lmao.
As mentioned before, please make this an SMS or phone authenticator and not an email one
This wish is falsely marked as completed! You used another method than the ones explicitly wished for by OP. TOTP ftw!
This is crap. I'm not building up a library of games here to have my account insecure and lose access to them.
I wanted two enable 2FA with Google Authenticator but only found the email option available.
They call THIS 2FA? Accasional code sent to email? I getting such mails from Humble, Digital ocean and other sometimes if 2FA DISABLED on them. They dont consider it "secure", just bare minimum.
Ok, i understand, GOG dont want to spent money on SMS, but why no TOTP or webauthn?
Still....SMS would be better (to physical phone).. I have a mobile phone reserved for that and ONLY that....it kinda makes any account completely hack proofed..in case of hostile take-overs..request through phone and voila..account back...
In case it sounds costly, debet wallet 50 cents for each use..I'm certain it won't be used often, but also that when needed it IS neccesary..
In most cases regular E-mail verification will suffice..
> This wish is completed and now available on GOG.com
Wrong, it is not complete. The expressed wish for this feature was google authenticator or sms (sms would be crap). But to write feature complete, and sending codes via emails is a joke. It doens't implement anything of what the additional description states.
I agree with others who state that Email is not a great option for this, and TOTP based 2FA would be great.
I've added a new wish for the TOTP way. www.gog.com/wishlist/site/two_factor_authentication_with_totp
E-mail is really bad choice for this, standard hotp and totp can be implemented in an hour (that is, if you know nothing about the topic in the beginning). I'll gladly do that for you if you release galaxy for linux ;-)
I do not consider this wish completed right now and neither should you.
Now for TOTP...
89 comments about this wish