Hello GOG

I can't change my email address here on GOG.?
I want to change it to a new email, but it says constantly my password isn't correct, can someone help me.
And it's very important that I have my email changed here for billings and notifications of GOG.

Please help soon.

My new email is francoleondollarhyde@gmail.com

Never write your email like that online, for security reasons.

You might have to look at what your saved password is and use that. Depending on the browser you can look at the saved passwords.

Also, never save passwords to browser and clear cache and cookies on exit. In fact writing it on a post it and sticking it to the screen is preferable to storing your passwords in something connected to the internet (which is as secure as a wet cardboard box accessible to everyone worldwide).

That's completely pointless and will make things more difficult for you without giving you any security benefits.

I never have browser issues. Also, what is the first thing IT will say if you have browser issues, clear cookies and cache. And if you don’t think cookies or stored passwords are a risk then best of luck to you, may as well simply post it all on Reddit for everyone to look at. As for making it more difficult, “convinience” is the root cause of almost all the issues raised on this forum from “optional” clients to online only games. I expect you use chrome don’t you? That doesn’t even allow you to clear cache and cookies on exit as Google wants to know everything about you :o)

You have the right idea, but are implementing it wrong. I agree cookies is a security issue, but there's places i don't want to log in every day to check (like GoG) and with 2 step authentication it just gets annoying. So i have it save cookies. I tried going sessions only, but that's webserver specific and on a server i was using closed sessions after 15 minutes of inactivity, making you had to re-login quite often. This is why you'd have a cookie as a pass which is valid for a very long time, or at least as long as they make note that you need to be signed in for.

For sites i don't want to share cookies, i tend to use Incognito mode, this means when i close the browser all related stuff goes with it. Go figure i watch most of my youtube videos and news via that mode.

Another option would be white and blacklisting cookies and sites, as well as manually deleting cookies.

So for security the combo of NoScript (if a script is ever loaded nor run, it can't get your data or track you), Cookie AutoDelete (whitelist sites you care about, others cookies are active only while the tab exists), and delete current site cookies (make all trackers and data from those site(s) go byebye).

For anything that i actually find sensitive like bank access and whatnot, i use a completely different computer, never save passwords and always private/incognito. About as safe as i can make it. Except when anyone goes near your physical computer and decides to log in and have full access...

I'd suggest making and memorizing a super master password that's long and complex. And have a password generator based on your password used instead. It has the benefit of a single password but always unique for every site you access. The biggest problem with those is some sites have obscure rules for passwords. AOL for example 16 character maximum so whenever i try to login from scratch it fails because i give it like a 70 character password.

As for logging in on a computer, shorter simpler passwords will do, but not for anything important.

On point 1, yes I agree on whitelisting, in fact I do this one the phone for GOG (DuckDuckGo browser) and then just manually wipe once a week, and that’s really the only one I do, all other sites gets squashed when I leave the site or close down. I don’t use the phone for much either so little risk. Main computer is always locked down, and yes banking on a separate machine.

For point 2 I was being excessive for comedic effect. But saying that a post it on the screen is only likely to be seen if someone breaks in and looks. If it’s connected to the internet then theoretically everyone on the planet has access. This is one of the reasons I really always advise against the internet for most things. Anything put on the internet or connected to the internet is in effect broadcast to everyone if they are so inclined. And there are teams of hackers and such like scanning every bit of data. If it’s not on the internet or connected, then it’s far harder to squire and disseminate. Again this convenience, so much easier for all medical records and banking to be on computers for people to use, also much more convenient for anyone else who wants to know…

I agree on the password generator, I do the same but have several offline files with different passwords which contain several each. They get randomised once a month for updates.

AOL, is that still a thing. I think I had a disk for that in the 90s!

Maybe, if you allow such access. Nearly all routers have firewalls built in, which basically if you get pinged but it wasn't opened on your end, they either deny access or refuse to respond.

As for scanning data, it's getting less and less useful when you consider everything anymore is encrypted. I use VPN's that's an encrypt protocol, on top of say HTTPS which is another encrypted protocol. Other than these two IP's are talking and on what port, the data is obscured. If it weren't encrypted you could gleam a lot and do man-in-the-middle attacks.

The last bit for real security issues would be email data, which is typically unencrypted, but most of it being ads and junk makes it moot, and everyone by now knows they can do encrypted email via PGP or GPG, or some other medium. And some email services do everything encrypted much like how Telegram is encrypted from the get-go.

If you weren't behind a firewall and did things unencrypted yes i'd have a much more scary view of the world. The America Online BBS, ahh yes i remember that too. I had it more for AIM, but as the big 3 are now dead (MSN, AIM, YIM) there's very little point. Heh, even when it wasn't i got more scams/spam through AIM than any other protocol.