Keep it clean
If you believe that a wish duplicates another one or is not meant for the category, use Options button above to report a duplicate or spam.
Add your wish
If there is an item you wish to have on GOG.com and it’s not yet on the wishlist, please add your wish
Two factor authentication with TOTP
Added by
PhoneixS Now that we have two factor authentication, could be very nice to have a Time-based One-time Password Algorithm (TOTP) to make the second factor. For example using Google Authenticator (or many other free open source apps) to generate the authentication token instead of receiving an email.
doofmars Every time I have to log into GOG I'm annoyed by this missing feature.
And every time I check this wishlist and see no update
jake_speed Another of many threads with this same issue/question. www.gog.com/wishlist/site/add_google_authentication_option
SigmundSeegras Has there been a statement as to why this hasn't been implemented?
Haari TOTP and FIDO guys.
Kamikatze3D +1 für TOTP
neube +1 for Authy, as it doesn't force the user to have time synchronised with internet like other solutions.
AfroScribble Bumping once again. Hopefully look into TOTP/U2F Passkeys, email authenthication is not sufficient
squeegily Desperately needed. Sometimes the e-mails take obnoxiously long to arrive.
##@@##@@ A must-have!
Zirrek Email address as 2FA is not enough - it's a single point of failure, once compromised the malicious actor will simply reset the password and GOG will then happily send them authorization code.
TOTP and FIDO guys.
kurganme +1 for TOTP
Erdnerdchen Please add TOTP as an "offline" method compared to email
dm_me_your_poem yes plase. i would love to use totp over email 2fa.
Xtrict yes please! more secure and more convinient
Addon3 I don't know what people are smoking that TOTP is not good
please GoG just add it
Cheater87 Yes, I'd love to use Authy for this site.
a-p-petrosyan TOTP. Accept no substitutes.
HikariWS TOTP is good, but FIDO is better. I'm not against TOTP, but FIDO must be the priority.
Firecates please do it
sergantrus +1 FreeOTP
Akashic_Traveller Why are we asking for TOTP? Just ask for webauthn from the start.
quadcore00 God, yes, please.
AfroScribble Here is (yet another) demonstration of why SMS authentication is terrible and GOG should implement more secure auth methods like TOTP: lucky225.medium.com/its-time-to-stop-using-sms-for-anything-203c41361c80
SMS is not secure for anything. Please implement TOTP.
Avamander Just FYI for everyone commenting with their preffered authenticators - when TOTP is implemented you can use ANY compliant implementation. All of them are pretty much instantly supported.
Secondly, no, TOPT is not state of the art, Webauthn is, but TOTP would be 90% of the victory.
chris.gog I would not mind if they implement the Microsoft Authenticator (which uses also TOTP)
Mister_Cairo Who's here in 2025 still waiting for a proper implementation of 2FA? I can't believe GOG still isn't using a Quantum-Lock Cypher. You'd think they would have learned their lesson back in 2021 when that massive data leak compromised all their user accounts. If only they'd had QLC back then. Hell, even TOTP would have saved the day!
christiane_savaria hi
If you looking for house / apartment / condo , …. in Montreal
I’m real estate broker
my site: realestate-savaria.ca/ realestate-savaria.ca/properties-list-2/ realestate-savaria.ca/blog-list-no-sidebar/
Moonwolf287 The current implementation is not secure. If I want to take over someones account I will mainly take over their E-Mail to change the password and guess where the 2FA for that lands ... thanks for making it easy >.>
nudgegoonies Yes, TOTP is state of the art for 2FA.
ewhac Can't believe this has been sitting here for four years. Sending codes over email does not mean you have "solved" 2FA for the site (what if their email account has been compromised?).
This should have been done ages ago. TOTP is *trivial* to implement. Yubikey/FIDO2/WebAuthn would be extra nice.
dloc Email 2FA is not secure. Use a proven standard, TOTP is the obvious choice.
lakrimar E-Mail 2FA left me angered today. Please offer TOTP as alternative...
LordDragon TOTP is important; Nitrokey support would be really great.
John-the-Doe TOPT would be great for both security and usability.
Qubitza Yes, please. E-Mail is totally outdated.
baffofred Please offer alternative Two Factor authentication methods
ilovetekkno +1
Ogredi Calling the previous request "fixed" when you resort to email is bad. TOTP or don't pretend you have a secure second factor.
www.gog.com/wishlist/site/twofactor_authentication_sms_security_2fa
Patneu Definitely want this! Would integrate perfectly with my password manager, whereas manually copying/typing email codes is tiresome bullsh*t.
+1 for TOTP!
oshc Keepass + Tray TOTP Plugin is my go-to-Tool for secure logins nowadays. Please make it happen!
+1 for TOTP!
Enginnsson U2F via Nitrokey would be even better.
sheepduke One vote for this.
TOTP is an open standard. It is *not* restricted
to any commercial company. Any client that implements the TOTP protocol can be used.
So we do not need to wait for the mail to be delivered.
Domker_ +1 for TOTP Support. Many password managers like KeepassXC / Keepass2Android support it very well.
Velgus Yeah, email 2FA is garbage - please provide TOTP.
AkitoKitsune My vote went here, as well.
Fohroer +1 for TOTP!
guenxmuerfel +1 for TOTP Support. I have a pretty big games library on gog and like to secure it.
Onkzeek +1 We need this definitely!
Drizzt321 Modern security requires this. While maybe GoG isn't as critical as your bank, there are lots of lots of tools to implement OTP these days and lots of phone apps to allow it. Me, I use andOTP, but lots can use OTP codes.
Belazor It is the Current Year, we should not be stuck using outdated email-based 2FA.
66 comments about this wish