Keep it clean
If you believe that a wish duplicates another one or is not meant for the category, use Options button above to report a duplicate or spam.
Add your wish
If there is an item you wish to have on GOG.com and it’s not yet on the wishlist, please add your wish
Two factor authentication with TOTP
Every time I have to log into GOG I'm annoyed by this missing feature.
And every time I check this wishlist and see no update
Another of many threads with this same issue/question. www.gog.com/wishlist/site/add_google_authentication_option
Has there been a statement as to why this hasn't been implemented?
TOTP and FIDO guys.
+1 für TOTP
+1 for Authy, as it doesn't force the user to have time synchronised with internet like other solutions.
Bumping once again. Hopefully look into TOTP/U2F Passkeys, email authenthication is not sufficient
Desperately needed. Sometimes the e-mails take obnoxiously long to arrive.
A must-have!
Email address as 2FA is not enough - it's a single point of failure, once compromised the malicious actor will simply reset the password and GOG will then happily send them authorization code.
TOTP and FIDO guys.
+1 for TOTP
Please add TOTP as an "offline" method compared to email
yes plase. i would love to use totp over email 2fa.
yes please! more secure and more convinient
I don't know what people are smoking that TOTP is not good
please GoG just add it
Yes, I'd love to use Authy for this site.
TOTP. Accept no substitutes.
TOTP is good, but FIDO is better. I'm not against TOTP, but FIDO must be the priority.
please do it
+1 FreeOTP
Why are we asking for TOTP? Just ask for webauthn from the start.
God, yes, please.
Here is (yet another) demonstration of why SMS authentication is terrible and GOG should implement more secure auth methods like TOTP: lucky225.medium.com/its-time-to-stop-using-sms-for-anything-203c41361c80
SMS is not secure for anything. Please implement TOTP.
Just FYI for everyone commenting with their preffered authenticators - when TOTP is implemented you can use ANY compliant implementation. All of them are pretty much instantly supported.
Secondly, no, TOPT is not state of the art, Webauthn is, but TOTP would be 90% of the victory.
I would not mind if they implement the Microsoft Authenticator (which uses also TOTP)
Who's here in 2025 still waiting for a proper implementation of 2FA? I can't believe GOG still isn't using a Quantum-Lock Cypher. You'd think they would have learned their lesson back in 2021 when that massive data leak compromised all their user accounts. If only they'd had QLC back then. Hell, even TOTP would have saved the day!
hi
If you looking for house / apartment / condo , …. in Montreal
I’m real estate broker
my site: realestate-savaria.ca/ realestate-savaria.ca/properties-list-2/ realestate-savaria.ca/blog-list-no-sidebar/
The current implementation is not secure. If I want to take over someones account I will mainly take over their E-Mail to change the password and guess where the 2FA for that lands ... thanks for making it easy >.>
Yes, TOTP is state of the art for 2FA.
Can't believe this has been sitting here for four years. Sending codes over email does not mean you have "solved" 2FA for the site (what if their email account has been compromised?).
This should have been done ages ago. TOTP is *trivial* to implement. Yubikey/FIDO2/WebAuthn would be extra nice.
Email 2FA is not secure. Use a proven standard, TOTP is the obvious choice.
E-Mail 2FA left me angered today. Please offer TOTP as alternative...
TOTP is important; Nitrokey support would be really great.
TOPT would be great for both security and usability.
Yes, please. E-Mail is totally outdated.
Please offer alternative Two Factor authentication methods
+1
Calling the previous request "fixed" when you resort to email is bad. TOTP or don't pretend you have a secure second factor.
www.gog.com/wishlist/site/twofactor_authentication_sms_security_2fa
Definitely want this! Would integrate perfectly with my password manager, whereas manually copying/typing email codes is tiresome bullsh*t.
+1 for TOTP!
Keepass + Tray TOTP Plugin is my go-to-Tool for secure logins nowadays. Please make it happen!
+1 for TOTP!
U2F via Nitrokey would be even better.
One vote for this.
TOTP is an open standard. It is *not* restricted
to any commercial company. Any client that implements the TOTP protocol can be used.
So we do not need to wait for the mail to be delivered.
+1 for TOTP Support. Many password managers like KeepassXC / Keepass2Android support it very well.
Yeah, email 2FA is garbage - please provide TOTP.
My vote went here, as well.
+1 for TOTP!
+1 for TOTP Support. I have a pretty big games library on gog and like to secure it.
+1 We need this definitely!
Modern security requires this. While maybe GoG isn't as critical as your bank, there are lots of lots of tools to implement OTP these days and lots of phone apps to allow it. Me, I use andOTP, but lots can use OTP codes.
It is the Current Year, we should not be stuck using outdated email-based 2FA.
66 comments about this wish