Since you are going to make 2-factor-authorisation mandatory in the future, how about supporting Google Authenticator or Yubikey to authenticate with?

I'll probably be thrown stones at again for daring to ask for someone to clarify, but what are those? And why should we want them?

Why would a DRM free site want ANYTHING google?

DRM-Free single player. 2FA is not singleplayer. Nor a game.

...

Doesn't really answer the question about why we would want anything Google here. The most invasive company in the world. People were pissed when Microsoft started doing a little bit of what Apple and Google have been doing for a decade. Why would we want some invasive data miner here? That's the kind of stuff that a lot of the long term Goglodytes want to avoid. And I've got stuff blocking the tracking from going on. :D Still doesn't answer the point. I won't be able to login if they do that, because why have anti tracking software if I have to disable it just to get in the door?

When did they say that? All I saw was news that it will be enabled by default, not that it will be mandatory. Has the story changed now?

then the point is not "Why would a DRM free site want ANYTHING google?" but "I personally would not want to touch google anything with a 10 fot pole". What you want to do, and what gOg want to do are two very different things.

edit - because the answer to your question is clearly "because they already do and use google somethings"

Why would GOG want something to further alienate their customer base though? I'm not the only one in this regard who don't want tracking garbage all over my computer..

you would be surprised who few cares, and how much does google authenticate actually track? Or are you saying it does just because it is a "google something"?

basster, have you been drinking?

Weren't they using Google Analytics for the website for ages already?

Granted, i think they clarified the data was only used by GOG, but it's still datamining :)

Lets look at some facts, rather than getting hung up on the name "Google".

There are some protocols for two factor authentication. Namely TOTP and HOTP. These protocols are open and well documented*. These things work based on some interesting math (cryptography). It calculates a 4 digit "one time password" based on your "key" and the current time (or a login counter). These codes are not sent by mail or SMS or anything like that, they are calculated by your "client". A client could be an app on your phone, a hardware token (USB thing) or even a desktop application.

The Google Authenticator is only ONE implementation of these protocols. It's open source, and if you don't trust it, because it has the name "Google" attached to it, then you have a host of other apps at your disposal. Such as Authy or FreeOTP to name two alternatives. So, you can see, Google can not get hold of this data.

Yubikeys are hardware tokens that can (some models) do that. But some Yubikeys implement a different two factor authentication scheme called U2F, which is also great. Of course there are other alternatives for such hardware tokens.

The point is, maybe you don't want the authentication to run over the same channel (e.g. E-Mail) that is also used to login or RESET YOUR PASSWORD! Because if you do lose control of your mail account, then it's game over. That's why I'd support the idea of supporting TOTP/HOTP/U2F protocols for two factor authentication (at least I'd prefer it over sending authentication codes by mail).

*) RFC 4226 (HOTP) and RFC 6238 (TOTP)

I don't know how the implementation of a similar system that I have seen works, or if it's built on either of said standards, but from what I have seen, the hardware token doesn't need a connection to the computer or outside world at all, not even a charging port as it might simply have a replaceable battery (or have the whole device replaced when the battery expires after a few years or the device otherwise malfunctions). In that case, you get the key built-into the device and on a sticker, said key would be manually associated to your account (by yourself, or by support).

Small side note - this is only true up to version 2.21, the later versions are proprietary.