I would love to see an option for 2-step authentication to be done as an SMS rather than an email. If someone's hacked a GOG account then they likely have the attached email so 2-step becomes useless.
I also have the issue where my emails can take longer than 15 mins to be received so my 2-step becomes 12-step.
2 step is not designed for Australia... our network system is just different mate
I'd consider just having an alternate recovery e-mail an improvement over the current situation.
Wish: Multiple email adress for Two-Factor Authentication

Most community wishes request 2FA via some kind of authenticator app rather than SMS. Here are some wishes relevant to your request:
Two-step authentication
SMS/authenticator based 2-factor authentication
2factory SMS Verification
As long as the email option is still an option, I'm not against this. As a guy who doesn't use a phone, SMS and authenticators just aren't my thing so email authentication is my only choice.
CoalFyre: If someone's hacked a GOG account then they likely have the attached email so 2-step becomes useless.
Only if you're dumb enough to practice terrible cybersec.
CoalFyre: I would love to see an option for 2-step authentication to be done as an SMS rather than an email. If someone's hacked a GOG account then they likely have the attached email so 2-step becomes useless.
Why is that? Do you mean they can always also hack the related email account, or change the email address without any problem, as long as they can guess your GOG password?

Naturally you have a different password for your email account and your GOG account, right?

I presume email 2FA is the cheapest solution, GOG just sets up some email server with postfix etc. Sending SMS to all users costs at least some money, I presume. (Not sure if there are 100% "free SMS" solutions to corporations.)

Not sure how much the smartphone app-based solutions cost, or if there are free 2FA alternatives.
Post edited July 19, 2021 by timppu
The best option would be to create a mobile phone authenticator. I'm talking about a solution similar to the one that Battle.net uses. Some GOG accounts have a huge value, so they can be a good target for hackers, especially when we keep in mind the fact that GOG offers DRM free games. An authenticator would decrease the probability of losing control over the account to a minimum.
Sarafan: The best option would be to create a mobile phone authenticator. I'm talking about a solution similar to the one that Battle.net uses. Some GOG accounts have a huge value, so they can be a good target for hackers, especially when we keep in mind the fact that GOG offers DRM free games. An authenticator would decrease the probability of losing control over the account to a minimum.
TBH honest, I follow the DRM free and download everything I buy immediately onto my backups, that way I have no reliance on the website. The website also has very little information on me, isn’t connected to anything else, and I don’t use Galaxy. Therefore minimum to lose from my viewpoint, whereas installing some other app on a phone is opening up another avenue of attack. If you want to protect yourself, remove Galaxy, unlink the various accounts, follow good practice on password setups etc.
2 steps is not enough
nightcraw1er.488: TBH honest, I follow the DRM free and download everything I buy immediately onto my backups, that way I have no reliance on the website.
But you wouldn't want to lose access to your account nevertheless. It's always good to have an additional backup of games over the Internet.
nightcraw1er.488: The website also has very little information on me, isn’t connected to anything else, and I don’t use Galaxy. Therefore minimum to lose from my viewpoint, whereas installing some other app on a phone is opening up another avenue of attack. If you want to protect yourself, remove Galaxy, unlink the various accounts, follow good practice on password setups etc.
Blizzard has done a great job with implementing the authenticator. It's safe because the hackers would need to have access to your phone and computer simultaneously to get control over your Battle.net account. In most cases the security that GOG provides is enough, but there are some rare situations when someone can lose access to his account because the hackers hijacked his e-mail account as well. Authenticator minimizes the threat to a minimum.
Post edited July 19, 2021 by Sarafan
nightcraw1er.488: TBH honest, I follow the DRM free and download everything I buy immediately onto my backups, that way I have no reliance on the website.
Sarafan: But you wouldn't want to lose access to your account nevertheless. It's always good to have an additional backup of games over the Internet.
nightcraw1er.488: The website also has very little information on me, isn’t connected to anything else, and I don’t use Galaxy. Therefore minimum to lose from my viewpoint, whereas installing some other app on a phone is opening up another avenue of attack. If you want to protect yourself, remove Galaxy, unlink the various accounts, follow good practice on password setups etc.
Sarafan: Blizzard has done a great job when implementing the authenticator. It's safe because the hackers would need to have access to your phone and computer simultaneously to get control over your Battle.net account. In most cases the security that GOG provides is enough, but there are some rare situations when someone can lose access to his account because the hackers hijacked his e-mail account as well. Authenticator minimizes the threat to a minimum.
Yep, best to have a secure account.

hmm what happens if you lose your mobile?
Orkhepaj: hmm what happens if you lose your mobile?
Well, this can be a problem. Blizzard probably has some procedures in case this happens. I never was in such a situation however and I hope it stays this way. :)
Post edited July 19, 2021 by Sarafan
Orkhepaj: hmm what happens if you lose your mobile?
Sarafan: Well, this can be a problem. Blizzard probably has some procedures in case this happens. I never was in such a situation however and I hope it stays this way. :)
This is why I'm against phone authentication, the chance to lose phone is probably significantly higher than your account is hacked with your email, and TOTP should be as good.
I'd prefer TOTP, at least then you're not hosed if you lose your phone.

Though, as a sidenote to what others have said, there is a py version of the Battle Net authenticator; python3-bna.

Or something like what Discord uses. Scan this code, boop you're done.
Post edited July 19, 2021 by Darvond
Uhm, I vote for 1 step authentication... =choose a strong password and change it with some frequency!=
Evidently I got lost but:
1) Why do we need 2,3,4 steps authentication in the first place? Security experts have provided Proof of Concepts that SMS & tokens are not secure...
2) Got hacked? Don't we have an email + user info + transaction receipts + GOG's cookies & geolocation to clearly re-claim our account with such & enough evidence?
3) Isn't it a little over the top to ask for armored security on a gaming store? Maybe we can ask GOG to track our location realtime 24hx365d to ensure we don't get -lost- in the middle of every visit...
I ask you to reconsider, please.