unlimitedterror unlimitedterror Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

I would love actual 2FA and the fact the other thread got closed is a joke.
Email 2FA doesn't help at all considering email is one of the least secure method of communication alongside SMS...
I would love to have the option to use my FIDO yubikey but, If GOG doesn't want to add that at least being able to use an OTP app would be a good start.
From what @dd31879 said not everyone does have a phone so it wouldn't make sense to force it for everyone, As even less people have a Security Key but just having the option for people who want to enable it would be ideal.

J__Player J__Player Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Duplicate. The one with the most votes I found is www.gog.com/wishlist/site/twofactor_authentication_sms_security_2fa

J__Player J__Player Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

This is an important request and should be prioritized. E-mail and SMS 2FA aren't good methods.

sparklegravy sparklegravy Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Sending a 4-digit code by email as your only 2FA method is absolutely madness in 2023. Hire me and I'll build a proper 2FA system for you.

jake_speed jake_speed Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Another thread here with the same request. www.gog.com/wishlist/site/add_google_authentication_option

JonJaded JonJaded Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

add it NOW

pragnienie1993 pragnienie1993 Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

WTF it's 2023 and they still havem't sorted this out?

Zigory100 Zigory100 Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

2FA by mobile App or FIDO (hardware keys). E-mail based 2FA may be dangerous and it is inconvenient

dd31879 dd31879 Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

@JakobFel "I can support this if it's given as an option, rather than a replacement for the email verification. I don't use a smartphone and don't want to tie my account(s) to a single PC so my only option is stuff like email verification. "

I can sympothize with that. Being an IT Manager for many years I have seen many platforms and how they implement their authenticator. I even remember working with the old RSA key fobs.

I think a common misconception is that everyone has a smartphone. Really though not everyone does and in fact many people opt only for flip phones with basic calling. I think there should be options for:

1. Existing GoG email
2. A GoG proprietary authenticator app (possible?) kind of like how Steam has one, Blizzard has one, etc.
3. Option to use popular third party authenticators such as Microsoft, Google, Yubico, Authy, etc.

My honest opinion is I hate receiving 2 factor authentication by email. In fact its been widely accepted that this is NOT a secure way to handle it by all of the major industry players. The other thing I dont like is that it is only a 4 digit key vs a 6 or 8 digit key.

maxmag maxmag Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

We need 2FA by App!

SlyAceZeta SlyAceZeta Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Please add these options! I don't want to use my email as a two-factor authentication system.

HikariWS HikariWS Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Fk these mobile! We don't want them, we want FIDO! And TOTP for KeePass.

JakobFel JakobFel Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

I can support this if it's given as an option, rather than a replacement for the email verification. I don't use a smartphone and don't want to tie my account(s) to a single PC so my only option is stuff like email verification.

becauseimmanual becauseimmanual Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

First thing I missed coming from Steam as soon as I downloaded GOG Galaxy. I don't really feel safe spending a lot of money when there's no TOTP to protect the games I bought in case someone was to get ahold of my account

AfroScribble AfroScribble Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Here is (yet another) demonstration of why SMS authentication is terrible and GOG should implement more secure auth methods like TOTP: <a <a href="href="https://lucky225.medium.com/its-time-to-stop-using-sms-for-anything-203c41361c80"" class="light_un" target="_blank">href="https://lucky225.medium.com/its-time-to-stop-using-sms-for-anything-203c41361c80"</a> class="light_un" <a href="target="_blank">https://lucky225.medium.com/its-time-to-stop-using-sms-for-anything-203c41361c80</a>" class="light_un" target="_blank">target="_blank">https://lucky225.medium.com/its-time-to-stop-using-sms-for-anything-203c41361c80</a></a>

SMS is not secure for anything. Please implement TOTP.

christopher.robot christopher.robot Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Gibborz app support nao.

GGLapkizzz GGLapkizzz Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Mobile app 2FA is the minimum security requirement nowadays. And YubiKey/FIDO2/WebAuth would be quite nice to have.

TD_derpy TD_derpy Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

I'm equally annoyed by this, i needed to get my 2fac code and just opened my auth app.
Email is not strong enough any more!

ewhac ewhac Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Can't believe this has been sitting here for four years. Sending codes over email does not mean you have "solved" 2FA for the site (what if their email account has been compromised?).

This should have been done ages ago. TOTP is trivial to implement. Yubikey/FIDO2/WebAuthn would be extra nice.

GekkePrutser GekkePrutser Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

This is really absolutely needed. I'm sad GOG doesn't have it, as it's so great in all other ways.

Please add, guys! It's not even a huge job. TOTP would be great, Fido2 with CTAP2 would be amazing.

baffofred baffofred Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Please offer alternative and more secured two factor authentication methods

l3x_110 l3x_110 Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

This is nowadays a must.

Khourchef Khourchef Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

2020 is here and no mobile TOTP support or those Yubikey? c'mon !! its a must this days if you want to secure an account with games purchased in it.

AfroScribble AfroScribble Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Please do add support for mobile authenticators (and if not by an app made for GOG specifically, use the TOTP standard). SMS is a very poor method of authentication (re: SIM jacking) and email is quite cumbersome.

DefiCzech DefiCzech Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

It is must have today. Pin via email or sms, seriously?

UnconBeing UnconBeing Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

If security is at all a concern for GOG and they value their costomers I strongly believe 2FA TOPT should be the primary option avaialble. I was very shocked that it is a 4 digit pin sent to your email.

gregoryopera gregoryopera Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Yep, this gets my vote with a preference for TOTP.

Balthasa1983 Balthasa1983 Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

agree please go for it

Chronon88 Chronon88 Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Authy support, please. Humble Bundle does that and it works perfectly.

imranf1 imranf1 Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

A competing platform offers both 2FA via email or app, which is a good idea because not everyone has access to both.

Fangh Fangh Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

the email come in 5-10 minutes ! It's horrible ! I want to use Authy on my phone plz

agreee agreee Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

I second this request. It's nice to have one app (like FreeOTP) for all your logins

tones1208 tones1208 Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

I don't want to have to go out and buy a smart device just to access my account/etc.

Coreda Coreda Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Being able to use a QR code to sync with timed counter, with the option for disabling/resetting 2FA via email should the device go missing would be great. Some services also allow for setting up a backup phone for such situations.

HaydenRead HaydenRead Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Definitely prefer TOTP over HOTP... Have also voted for this: www.gog.com/wishlist/site/two_factor_authentication_with_totp

RandomFallout RandomFallout Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

1Password and Authy both support Google Authenticator which adds security and gives flexibility to the user.

ssokolow ssokolow Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

From what I remember from playing around with a YubiKey, HOTP uses a counter and, as such, doesn't play well with having more than one authenticator, so I'm against that.

However, I'm in favor of TOTP as long as it doesn't use something like Authy where you MUST use SMS to receive the TOTP seed and Authy will then zealously guard it. (My protable device is an OpenPandora running a non-Android Linux and, for desktop use, I do 2FA via KeePass2 with the TrayTOTP plugin.)

Google Authenticator is fine in that respect, making it easy to extract the TOTP seed from the QR code using libqrdecode if the site was mean enough to not include it in clear text below the QR code.

(Given my use of KeePass2 with a unique, strong, hard-random password for each site and my use of HTTPS Everywhere and rules like "never click a link in an e-mail", I fear getting locked out by a 2FA oops far more than getting my password compromised, so I must have at least two authenticators.)

Plus, given that the OAuth API LGOGDownloader uses is incomplete, I need TOTP so that LGOGDownloader can comfortably share the TOTP seed with my regular authenticators.