Out of recent events.

I would like to see that you can backup/link your account to your Phone number or second e-mail adress.
Ones your main e-mail get hi-jacked you locked out to do anything.
Gladly when your main e-mail is linked to a backup and you can recover, but if not.
The time you need to recover is crucial. A few hours and the hacker gets your gaming accounts and what not.
And why? Because many service provider are only fixated to your main e-mail. No further vaildation needed.

More Security would be nice. My Libary is growing every month.

With Kind Regards

The solution I chose to this problem is to self-host my own e-mail service. Nobody is ever going through the hassle of trying to hack into a server with only a couple accounts on it while it’s much more worthwhile to try to fish for Google or Microsoft accounts.

What recent events?

In any case, some secondary form of 2FA has been requested for at least half a decade:
https://www.gog.com/wishlist/site/two_factor_authentication_with_totp
https://www.gog.com/wishlist/site/twofactor_authentication_2fa_support_for_mobile_apps_via_open_standard
https://www.gog.com/wishlist/site/provide_token_generation_via_totp_for_2fa_as_an_alternative_to_code_per_email
https://www.gog.com/wishlist/site/second_layer_of_protection_to_gogcom_accounts
https://www.gog.com/wishlist/site/multiple_email_adress_for_twofactor_authentication

A lot of 2FA is retarded and is just as likely to cause problems.
Gog switching from login names to an email is retarded too.

It obviously won't be as ideal as having GOG directly support 2FA, but if you are seriously concerned about the security of your account, you could enable email 2FA on GOG and then mobile 2FA on your email address. That means entering two separate codes every time you want to login, but it should provide the same security (if not convenience) of GOG having mobile 2FA directly.

I agree that using two-factor authentication via email and 2FA for mobile on your email address may provide an additional layer of security to your GOG account. However, as you noted, this may not be as convenient as using direct 2FA for mobile devices.

In this case, I believe that the ideal option would be to use OTP tokens. Such tokens are one-time passwords that are generated on your mobile device and are required to log in to the system. They add an extra layer of security to your account as hackers not only need to know your password but also have access to your mobile device to gain access to your account.

I would not recommend a phone number as people change their numbers and attacks like SIM swapping exist to compromise your number.

Instead, support for hardware keys like Yubikeys , passkeys, and backup recovery codes would be welcome!

I create a unique email address for each online account to help address the email issue. If they find out my email for one account, it only works for that one account!