Keep it clean
If you believe that a wish duplicates another one or is not meant for the category, use Options button above to report a duplicate or spam.
Add your wish
If there is an item you wish to have on GOG.com and it’s not yet on the wishlist, please add your wish
Two factor authentication with TOTP
The problem of using email to enable two factor authentication is the inherit dependencies of the email provider, in accessibility and reliability. The moment Google or Microsoft thinks you no long worth as their customer and kick you off platform, much of your access are gone. You can't get it back.
By implementing TOTP, RFC 6238 specifically, it guarantees reliability as it is standalone. This also means it is accessible no matter how Google is doing.
If GOG can step up to support WebAuthn, this give extra protection against phishing.
GOG please reduce dependencies in security systems.
TOTP is the minimum level of security that should be supported. Webauthn support would be even better.
e-mailing verification codes is fine with me based on security needs, but e-mail is substandard. TOTP would be a convenient upgrade but it's more important to me that GOG secures the user data they store well than it is for TOTP to be available to me.
Indeed, TOTP is a very convinient standard these days. It should be an option, especially if it will be not only Google Authenticattor, but also many other open source apps of that kind. Please, pretty please, consider implementing this feature.
Please, please, please! TOTP is in all ways superior to mail; it's faster, it's more secure, it's less annoying.
2FA over email is insecure. I do not trust my mail provider. Allow me to use Time-based One Time Passkeys please
TOTP ASAP PLEASE
Why is TOTP no available?
Please finally give us proper 2FA. It's been years. If my E-Mail account were to get compromised, so would be my gog account without TOTP.
TOTP for service that allows purchase of goods is a must have.
GOG really needs to implement TOTP ASAP.
TOTP options for using authentication apps makes sense, it's weird this isn't included with the email option
Still not? Had to wait 5 minutes for the e-mail. Frustrating, if I plan to spend money.
I hope to see this feature implemented as soon as possible, as TOTP is supported by many free and open source software projects, such as KeePassXC.
+1
There is already a bigger suggestion for this. Please vote for it so more people see it: www.gog.com/wishlist/site/two_factor_authentication_with_totp
+1
Please, I have too many games to lose on this account if it were stolen. Email codes are something but not enough.
Please for gods sake: drop that unreliable E-Mail only and don't think about using SMS either. Both are just stupid for reliability, security and response. Not everyone has cell reception. And your mail servers often suck in sending in a timely manner. Also E-Mail is NOT an instant medium and the worst choice for 2FA. DNS, DNSsec, DMARC, DKIM, greylisting, spam - all can go wrong with email. Just use TOTP standard like everyone else and if you have the time, add support for FIDO/U2F Tokens afterwards. But AT LEAST use TOTP!
+1
It's 2024 and GOG still doesn't have proper 2FA.
Even Epig Game Store has this feature, why GOG still doesn't have?!
It's wild this still isn't supported in the year of our lord 2024.
Duplicate. www.gog.com/wishlist/site/twofactor_authentication_sms_security_2fa
There are many similar requests. Everyone should check for the others.
Every time I have to log into GOG I'm annoyed by this missing feature.
And every time I check this wishlist and see no update
Another of many threads with this same issue/question. www.gog.com/wishlist/site/add_google_authentication_option
Has there been a statement as to why this hasn't been implemented?
TOTP and FIDO guys.
+1 für TOTP
+1 for Authy, as it doesn't force the user to have time synchronised with internet like other solutions.
Bumping once again. Hopefully look into TOTP/U2F Passkeys, email authenthication is not sufficient
Desperately needed. Sometimes the e-mails take obnoxiously long to arrive.
A must-have!
Email address as 2FA is not enough - it's a single point of failure, once compromised the malicious actor will simply reset the password and GOG will then happily send them authorization code.
TOTP and FIDO guys.
+1 for TOTP
Please add TOTP as an "offline" method compared to email
yes plase. i would love to use totp over email 2fa.
yes please! more secure and more convinient
I don't know what people are smoking that TOTP is not good
please GoG just add it
Yes, I'd love to use Authy for this site.
TOTP. Accept no substitutes.
TOTP is good, but FIDO is better. I'm not against TOTP, but FIDO must be the priority.
please do it
+1 FreeOTP
Why are we asking for TOTP? Just ask for webauthn from the start.
God, yes, please.
Here is (yet another) demonstration of why SMS authentication is terrible and GOG should implement more secure auth methods like TOTP: lucky225.medium.com/its-time-to-stop-using-sms-for-anything-203c41361c80
SMS is not secure for anything. Please implement TOTP.
Just FYI for everyone commenting with their preffered authenticators - when TOTP is implemented you can use ANY compliant implementation. All of them are pretty much instantly supported.
Secondly, no, TOPT is not state of the art, Webauthn is, but TOTP would be 90% of the victory.
I would not mind if they implement the Microsoft Authenticator (which uses also TOTP)
Who's here in 2025 still waiting for a proper implementation of 2FA? I can't believe GOG still isn't using a Quantum-Lock Cypher. You'd think they would have learned their lesson back in 2021 when that massive data leak compromised all their user accounts. If only they'd had QLC back then. Hell, even TOTP would have saved the day!
90 comments about this wish