Exactly the same thing happens if I try.

Ha! Now I know your name... DAAAAVE!

Most people in here already know my real first name so stop being so smug. :P

No, brute force is useless with encrypted password, something that even yahoo has now learned

Also it nonsense for the first login, it may have sense for multiple attempts, but it's useless for the first try

Have you ever wondered why no service, like google for example, use such thing? Why no secure server use the triple damned captcha for their unique ID login?

Simple, because it's pointless. Repeated attempt are much more efficiently blocked in other ways, among others temporarily disabling an account, blocking the attempting IP, encrypting the password or using the simple Two Step Authentication already available even here

The last solution is simple and effective. If you really want more security, either issue certificates for logging in, or if you really, really have no better idea then using captcha, at least make so it trigger only after 2nd or 3rd attempt. After all it the hacker match the password on the first try, either he should try the lottery instead, or it already have the password, witch make pretty much anything else then the Two Step Login or certificate, useless


To add some flavor to the story, depending on what ISP you have, google captcha may automatically fail for you as all your attempt may be marked as spam, this happen because google detect repeated attempt from the same exit IP point, where other thousand of people get their connection exit point as well

I had that exact problem for example, and could not access my gog account for more then 4 days, after more then 30 attempts, without using TOR, where the triple damned captcha actually worked. Simply unacceptable

ok, good to hear ;)

Was it enough do guide you?

Yes, indeed! I now have it set to take care of all cookies, etc. on close. I was clicking the FF Forget about browsing data arrow.

Thank you

Actually I don't, heh.

Neither do I, and I want to know.

I think it would be something cute like Edward or Eugene.

No it's not useless. I'm a developer.
Brute force actually works. Encrypted passwords lmao. They are not encrypted when you type them. They get encrypted in the database but the php code will encrypt it and then compare to the encrypted password.
Btw, it's also probably there to ensure bots can't login to gog. You know...You could make a bot that signs up, logs in, votes for a particular game and logs off...to abuse the rating system on games. You never know what developers will do to help sell their game.

Is it really that annoying to click on 3 or 4 images ? That takes you what ? 5 more seconds ?

It's annoying?
Yes
It's useful as an effective security?
No
Can be completely replaced by disabling re-access to the request for N seconds, and blocking IP?
Hell Yes

Final score:
Useless

If snowkatt is to be believed, it's Patrick.

No, it is Yeti N(orbert)

How mean. :-(
I passed the Turing test, why won't you let me in?

Godsdamnit, GOG, AGAIN?!

Last Saturday I could log in without any issues. Now I can't without host-unblocking fucking Google, because apparently somebody on your dev team decided the utterly useless "feature" is oh-so-necessary.

Implement some bloody security on your own end and stop forcing me to send things to Google. Here's one suggestion on how to do it if it's so difficult to figure out:

https://www.gog.com/forum/general/captcha_to_log_in/post36