nobody would like the result..

Its interesting how many people go crazy on anthing with google in it without taking any notice about the original purpose ot the topic.

Just a note to all those paranoid haters: take a loot into the source of this board and search for the term "analytics" and then go flaming anywhere else.

Google Authenticator was just an example for some ot the various 2FA apps/methods available.

You shouldn't breed, period.

http://www.free21.org/how-the-cia-created-google/?lang=en

Right, that makes logical sense. Rather than say, greatly bolster the already existing AltaVista or any other existing search engine at the time, the CIA goes out of their way in 1998 to go to California to the garage office of Google to propose...what exactly to the 2-4 employees at the time?

Them debate skills, though.

Your useless and meaningless opinion is duly noted.

nah i'm happy enough with 2FA as it is right now - google already knows enough about me ^^

As long as it continue working through email and not need the use of a mobile, is fine for me. I hate those 2FA that require the use of another device.

This is really frustrating. The current system of using ONLY email for 2fa is crap, even if you ignore the fact that email is not at all secure.

One thing that's not been mentioned in this topic so far is the potential for massive inconvenience when using email for 2fa. Let me tell you what happened to me. I wanted to login to buy stuff in this current sale. I couldn't login because I wasn't receiving emails from gog (I was getting all other emails to my email account OK). The point I'm making is that email is not even reliable! I tried for a whole evening to login and the emails were not coming through. So gog is allowing only one 2fa solution, and that solution is both insecure and unreliable! CRAP!

@ewhac @jug and @basster make good points, to which some here seem oblivious. TOTP protocols can work with no internet connection, sending no data anywhere. You can use an offline device for excellent security. There are huge advantages, and gog should implement this as a 2fa option without delay. For me it would be much better than being unable to login for a whole evening!

Aaaaaargghhhhh. If nobody from gog comments on this here I'm going to raise a ticket... I'm desperate... it's a no-brainer!

edit: Aaaarrrraaaaggghhhhhhhhhhh!

Google Authenticator works via TOTP, a standard for authenticators. How does TOTP in general work? You get a TOTP key which you then input in an application. Every 60 seconds, that TOTP key will generate an authenticator code to use on the site that provided the TOTP key.

For instance, GOG could implement a TOTP solution to two-factor authentication. When you want to opt in, they will provide you a key, a string of letters and numbers, and tell you to use it with your authenticator app. There are many authenticator apps. I personally don't use Google Authenticator at all, instead I rely on Enpass.

So say you provided the key to Enpass. Every 60 seconds, Enpass will generate a new code which you copy to GOG to verify your identity. What I want to say is, Google Authenticator is not a standard. It's simply an easily replaceable application that relies on a standard. So in essence, if GOG chooses to implement TOTP, they will not rely on *Google* in the end.

Thought I'd say this for clarification.

But just to make things even clearer, if GOG chose TOTP, you could use Google Authentication.