eiii: Has the two-step login been fixed meanwhile so that you do not have to go through it on every login when you have set your browser to delete cookies?
You know that at least FF you can set up NOT to delete certain cookies?
HypersomniacLive: ...
II. While the options to opt-out, or disable it after the fact are appreciated, I'm not sure I see the point in GOG enabling it on all existing accounts. I'd assume that those that wanted it have already enabled it, and the rest have chosen not to, which means GOG's bothering them for no reason.
...
Full email can be read here.
That's an easy one, quite simply it is the "default car stereo" effect. Most people who buy a car just keep using the car stereo that came with the car, they don't go buy a new one. Likewise, most people just use the defaults that come with most things in life and not because it is better or worse but because it just is. If they don't have a specific reason arise to change something, then they just don't bother ever doing it.

So in a situation like this there are essentially the following types of people:

1) Those who want 2FA enabled for the security benefit it provides. Up until now they would have to have been aware of the feature and what it does, and then went and manually turned this feature on themselves in order to benefit from it.

2) Those who do not want 2FA enabled for some reason or another. There are some valid reasons for wanting to disable such a feature, as well as invalid or nonsensical ones, either way people like to choose and there will be some who choose to say "no". Up until now they will not have had to do anything because "no" is effectively the default until the new change comes into play.

3) People who could benefit from the additional security of 2FA but who are blissfully unaware or indifferent and are just using the default currently because it is the default. They may or may not end up having an opinion about it once it's turned on, but they probably mostly don't care or are not aware it is there. They just use the car stereo that came with the car.

4) People who, like #3 above, are unaware of the 2FA feature but who might need to disable it if their personal circumstances require it after the change takes effect.


The reason to change the default is because Internet security in general from the beginning of time has been a lax afterthought, but over time it has become increasingly a problem requiring better security measures to be put in place to help protect both users, companies and general infrastructure, and that needs to happen at scale to be effective. By making it the default, everyone benefits from the protection by default and security of the greater good is upheld. The minority who encounter a problem due to this will have the option to disable it still and select non-default behaviour, while the larger masses of people who just use the default car stereo and are potentially indifferent will benefit from the security without having to become knowledgeable about the topic or change anything.

Naturally, people can disagree with such a decision like this, but that is generally the reason why such decisions are made. Defaults are made for the general case, and having this enabled by default will provide greater security for the general user who does not have special circumstances. For those who have special circumstances such as using a lot of IP addresses regularly, or an ever changing IP etc. they are likely to be the minority and not the general case. They have the option to disable it.

If you leave the job of improving security to the average person to learn about these kinds of things, make an informed decision and take action to increase the security on their own - most people will simply not bother or care and the impact on overall security does not benefit nearly as much. Forcing the change by default makes it so everyone gets it without having to do anything, and those who think they are negatively impacted can opt out.

It is essentially why many countries have laws requiring seat belts in cars, etc. You can't opt out of the car having seat belts installed, but you can opt out of using them.

The best part is that everyone can disagree, and then go change their account options to match what they prefer if they so wish.
skeletonbow: The best part is that everyone can disagree, and then go change their account options to match what they prefer if they so wish.
*nods* And as long as that remains the case, couldn't really mind any change. Make the defaults what you will, let me change them, I'll be fine.
... If only software developers would think the same though. But they take away more and more options... GAH!

(On the matter at hand, had 2FA activated as soon as it was available. Tend to have it for any account I actively use where it's offered. But don't delete cookies, so it's not a nuisance for me.)
jsjrodman: We should engage with GOG on making login both more convenient and more secure, and if they try to make this mandatory without addressing the convenience problems we should remind them that it's a mistake.
mm324: I agree but as you can see it wasn't GOG who started this thread. That tells me that they have no desire or intent to "engage" with us.
Sure, Gog's customer engagement is pretty bad. But so is every large company I deal with.

I'm not ignoring it. I sent a response with 5 concrete things they could do better in reply to the email they sent saying this is being switched on. I'm just trying to present a realistic picture of this overall change.

Re: Gog's level of engagement, as a human I expect better, but as a customer of a corporate entity, I don't.
jsjrodman: Re: Gog's level of engagement, as a human I expect better, but as a customer of a corporate entity, I don't.
Fortunately/Unfortunately I'm old enough to remember when a customer was valued, they wanted you to come back. Now with companies having a global reach they don't care if they treat you like crap because there are billions of more people they can "milk" for their money.
Thanks for the heads up, opting out right away. This is rather annoying.

darthspudius: Is it not common sense to check out the spam box every day or two?
Not for me. Common sense is the least common of all senses.
I thought it was a phishing mail, just came onto the forum to see if other people also got it. To my surprise gog actually sends an email with links to click on that ask you to login.
At first I thought this was enforced without any opt-out or option to enable or disable the thing, but after reading their email one can still disable it in the account settings. Only difference is it will be enabled by default now, as opposed to disabled by default before.
Darvond: It would also be appreciated if rather than having to rely on GOG's system, I'd prefer to use Google's Authentication. I already use it for Discord and Google, so it'd come in quite handy.
I, on the other hand, appreciate it when a website doesn't rely on a massive data mining company for everything. Some things are more important than convenience.
jsjrodman: Why is this a problem now and not before? Who knows. It could be that now the juicier targets have tightened up their procedures, GOG is among the juicy targets which are still readily exploited. Or it may be that GOG became more visible. Or it may be that automation of attacks simply got better and all accounts are now under attack more than before.
I have a guess at this side of this... new accounts can't gift, so hackers steal old accounts to buy gift codes with stolen credit cards to then sell on places like G2A.
At the end of the day, when the fraud is discovered and chargebacks etc. occur Gog is the one who is out of pocket, they've had to pay the fees, the game may already have been downloaded by an end user before the code was revoked so they lose a sale (to some extent) and may still have to pay the publishers of the game (not sure on that one).

So it makes sense for Gog to do as much as possible to secure accounts, particularly those which aren't used regularly where this activity could go unnoticed for a long time.
P1na: Thanks for the heads up, opting out right away. This is rather annoying.

darthspudius: Is it not common sense to check out the spam box every day or two?
P1na: Not for me. Common sense is the least common of all senses.
common sense is quite uncommon nowadays
plagren: I, on the other hand, appreciate it when a website doesn't rely on a massive data mining company for everything. Some things are more important than convenience.
I much prefer it when they don't use third party anything really, as in stuff not hosted on their servers. And I never login to a site with the tool provided by another. Yep, that means I do not touch anything that's not a Facebook property but requires a Facebook login and provides no site-specific alternative.
mm324: Fortunately/Unfortunately I'm old enough to remember when a customer was valued, they wanted you to come back. Now with companies having a global reach they don't care if they treat you like crap because there are billions of more people they can "milk" for their money.
No kidding. Also remember GOG being a rather niche seller and striving to maintain its core customer base and make them happy.
jsjrodman: Sure, Gog's customer engagement is pretty bad. But so is every large company I deal with.

[...]

Re: Gog's level of engagement, as a human I expect better, but as a customer of a corporate entity, I don't.
Not expecting better spares disappointments, but always demand better, otherwise things will only get worse.

And true about every large company, but do have a couple of good examples, if not that large.
[rant]
My one experience with Leadtek customer support was in the spring of 2015 when I got this computer and the motherboard no longer had an aux or CD in port for the old system the TV tuner has to deliver sound, so I sent a message to Leadtek support asking if there's anything I can do about it. Note that we're talking about a product long since discontinued, which I had bought back in 2004, so providing a solution may have been tricky for their current staff and definitely didn't help them in any way. However, while the English was about as broken as you'd expect from that part of the world, there was no language barrier, no canned replies and no going around in circles. Instead, I got instructions, with pictures attached, to make a cable either from the tuner's existing one or from a CD audio one and a 3.5 mm jack, to poke out through the back of the case and use the line in jack for sound and make it work. That was pretty nice.
Also, in terms of customer engagement, if not solutions, must say Emsisoft. Switched to it as antivirus at the start of the year and I've been keeping the same ticket since to know I reach the same person and whenever there's a problem or I just want to ask something he'll reply within hours or even minutes and we take plenty of things back and forth. Sadly the recent problems, since the forced auto update to 11.10 (I'm on the delayed program update setting, had had no program updates since the beginning, staying at 11.0), are not getting solved and if anything seem to be worsening, but he does assure me he's been pestering the devs and forwarding everything, including the suggested changes, but they're too busy with v12 now, so maybe later. So no real results, but a lot of goodwill. He even told me once that if they implement automatic game mode with no way to turn off the check, since that was a concern I had, I'm free to curse at him. And with this update guess what I saw, so I cursed up a storm in a mail and he said fair enough, not upset at all, will definitely be on the devs' case to change it. Still waiting for, well, anything to actually happen though.
[/rant]
Off topic, I know, but just showing some support for nice people.
Post edited October 16, 2016 by Cavalary
So every sane person, who deletes their cookies after a browser session, has to enter a code every time they login... No thanks!
When the heck will GOG implement the much needed email-change confirmation procedure!? That is important, not this bs.
phaolo: So, is a confirmation now required also for changing email and password?
Of course not. That would be easy to implement and in fact useful. GOG would never do such a thing. ;)