herbertfilby: So long as you don't use the same password on GOG as another site, less likely to get hacked, yeah. But if you did get hacked you risk them changing your password and locking you out of your account and getting to download all your games for free.
Yes, I do use different passwords on different sites, as I believe as well that using the same password everywhere is kind of stupid. As for the danger of them locking me out of my account, this is a possibility I'd wish to avoid, but my avoiding of that possibility isn't (imo) worth the annoyance I just mentioned every time I login from another pc -and I haven't also been hacked before (touch wood), so I probably do something right in my password selection.
timppu: I don't think it depends at least primarily on your IP address? I thought it was about cookies. If you let those different browsers on different PCs to keep the cookies, then I think it should let you log in without the extra authentication.
Just make sure that when you log into GOG using those public PCs, like that lab PC in your university, that you log out of GOG at the end. Frankly I would also clear cookies on such public PCs just to be sure and so that they can't see my GOG username either, but then you'd trigger the extra authentication each and every time.
That also shows how important it would be for GOG to enable also extra email authentication for changing email or password on GOG, even if you have two-step authentication enabled or disabled. If you forget to log out on some public computer, it would be very important that someone else logging into the site as you can't change your email and password.
I'm unsure if GOG has some other things too which trigger the current two-step authentication, e.g. trying to log from another country? So even if I have the cookies and take my laptop abroad, would it still require the two-step authentication?
Well, I personally don't clean cookies very often, so I thought up until now that it has more to do with my ip addresses. I could test it later though in my windows and linux pcs, just to be certain, but I'd have to enable 2step, and I'm still not certain if I want to.
Also the problem with the uni pcs would still remain, as these use a kind of temporary profile. People login in those pcs with the same username and password they use for the university-provided email address, and, thus everyone has a different profile -cookies are also not kept between sessions, as the pcs in general don't remember what I did last time, even if I happen to use the same computer two times in a row. I logout of my gog account anyways, but these measures add additional insurance in regards to this. So as you said, the 2step thingy would indeed be triggered each time (and as I mentioned, my regular email account doesnt render correctly in their mandated IE) and I need to login through those pcs to actually download the bigger sized games as their download speed is on average higher than what I get at home (1-1.5 mbs/s vs 100-250 kbs/s).
I also haven't really tested logging in in the same pc from another country with 2step enabled -I bought my linux pc from Greece and brought it back to Cyprus and logged in on gog on both locations, but 2step was also disabled...