This is absurd. Really? Is this really necessary? If someone wants to automate logging into GOG with a bot, why not just let them? What harm does it do? Are you afraid of making it too easy for someone to buy something?

Whoever came up with this should be smacked across the head. Severely. Several times.

You can choose to stay logged in so you only have to do the Captcha thing once.

Also, security reasons, I think to prevent scripts from throwing passwords at the login until one gets through. Or something like that.

I can't do that. I use CCleaner to clear my temp files on a daily basis for security reasons. Neither do I let my browsers save login information, for security reasons.

The best security is saving your password to your brain, and typing it in every time you log in. All login captcha does is make life a pain in the butt for people who are already security-minded.

It's not GOG"s job to hold people's hands anyway. They provide a password field to our accounts. It's up to us to engage in sensible security practices.

If you let your browser save your passwords and leave it open all the time with your accounts logged in, it's not GOG's fault if someone comes along and lifts your stuff.

I am unsure if it effective against them, but if it prevents those who apparently use some kind of scripts to e.g. mass-downvote posts, I'm all for this new change, even if it makes setting up gogrepo.py a bit harder (you have to export valid login cookies from e.g. Firefox to gogrepo, once).

Woah, hold on. As a paranoid person shouldn't you appreciate presence of captcha?

That's what everyone wants him to think!

Seriously though you make a great point. The Pentagon doesn't take the security measures he does and yet he is upset by this. :P You can't have it both ways!

You don't really have to stay logged in, as long as you don't delete cookies (and maybe some other offline data) when you exit the browser. I log out every time in Internet Explorer but I don't delete the cookies afterwards, and I don't get the captcha.

On Firefox though, at least if I delete cookies, I do get that captcha on every browser start and log in.

All of that is true, but in the end gOg are the ones who have to spend the time and effort to take care of customer problems resulting from account hijacks and such. So it behooves them to add that extra little bit to save some customer frustration and some support time.

Guessing we could spend a lot more time grumbling about the box than the time it takes to click it.

Only humans allowed, sorry.

Like some social networks, GOG could have users create a sort of access token that third-party applications could authenticate with, while perhaps not offering some functions (voting, for example, perhaps also accessing gift codes and make purchases) to sessions authenticated in that way.

Say that somewhere on our settings page, we have a button to "create authentication token", with a list below it of currently active tokens (of course, for the current user), with options to view details of active and closed sessions (timestamp, IP adress, and what name the application used). And clicking it would add an entry to the list, a "random" string of lower-case letters, upper-case letters, digits, and other characters. Each token would also have a button to "revoke token", kicking out everything currently using said token, and making it invalid for log in.

If I download an application built to use GOG, say the gogrepo script, I would enter this string into it somewhere, and it would be able to access (parts of) my account (in order to download the games).

*drops tinyE in molten metal*

I was expecting something different in your link

Someone above mentioned that this would prevent people who downrep often.

I've sighted the captcha to login some time ago. I'm still downrepped by 3 rep points per one or two days, so if it's a solution to the downrep problem, no, that wasn't the fix you were looking for.

These mysterious downreps are still bugging me.

If those script was associated good cookie (so somebody manually bypassed the reCaptcha) the script will still function. If the recaptcha would be done with like every site visit (or 5) this would prevent quite a bit the downrepping.

But think of the outcry if GOG would implement this......