Hello,

I am very happy that the GOG is adding a two-step login. But is there a way we could get an option for time-based tokens (two-factor authentication) instead of email confirmation ?

I'd like to add it to my authenticator app (Authenticator Plus in my case). It would be way more convenient for me.

Thanks for reply,

Adam 'Mavi' K.

A couple things:
1. This here is the forum. The staff rarely reads it. You may or may not get a reply from them, but you're likelier to get a response by PMing one of them directly or emailing support.
2. You could make an entry for it on the wishlist.
3.. Considering how "often" GOG changes things like this about the website, I really doubt it'll happen.

I assume the send 4 digit code will expire after 1 hour or so like the ones on steam do?
1 Hour is quite a long time to expire, i mean logging into a mail should not take 60 minutes i guess.




Extra security is okay but...............

Things GoG might have overseen:

1) A users mail , paid or free mail needs to be ONLINE
2) Lets assume they will aso add a phone option like steam has:

Even this device needs an ACTIVE ONLINE service that provides your internet for your phone

Any of these services can be offline , or in the worst case being 'hacked' or other maintenance that can take lots of time.

my question: let assume GoG is 99.99% ONLINE

BUT any of the device service (online) is OFFline how will a user be able to login his account if these services arent availble to get the 4 digit code?

??? .... i think they might overseen this 'minor' problem.

Dowtine can and will happen at the most unwanted and unpleasant hours, Steam has been many times offline very long and thousands of users were complaining on every social media.

So how will a GoG user be able to get into his account when his mail isnt reachable ?

Suppose there is a sales and ths problem just happened.:

The poor user wont be able to get anything cause he cannot login because of the 2 step security, which cannot be used cause the mail or device where the code is send to has no internet connection because of a maintenance, ddos attack or even worse, burned servers.... migration of servers to a new storage ....

and these will always take place when you least expect it.

So how are we going to solve this little problem ?

disabling the 2 step is clearly NOT an option nor an answer so please I would love to here some staff how this in the unlikely event can be fixed and the users) in question can get the 4 digit code.

It could be fixed but likely the fix would be too inconvenient for most users, therefore very few people would opt to make use of it.

I don't see why disabling 2fa is not an option. It's an option you might not like, an option nevertheless.