It seems that you're using an outdated browser. Some things may not work as they should (or don't work at all).
We suggest you upgrade newer and better browser like: Chrome, Firefox, Internet Explorer or Opera

×
Pay with one click, avoid additional bank fees, and track your gaming budget!



Today, we're rolling out the GOG Wallet, a highly-requested quality-of-life feature aimed at gamers who frequently face international bank fees, use pre-paid debit cards, or prefer the extra convenience and control over their budget.

The GOG Wallet is designed to be user-friendly and flexible: top-up your Wallet with any amount between 5 USD and 500 USD (or the local equivalent) using any payment method; if you're using a pre-paid card, or you're just a bit short on Wallet funds, you can easily combine GOG Wallet funds with other payment methods during checkout. It's easy, fast, and totally safe.

Additionally, any store credit earned with the Fair Price Package (if a product costs more in your country than in the US, we always make up the difference) will now be automatically added to your GOG Wallet funds. Nobody likes to take time out of their gaming to do math, so we're doing it for you!



To kickstart your GOG Wallet and learn about the details, make your way to <span class="bold">www.gog.com/wallet</span>.
avatar
Tyrrhia: Will it go away after some time?
avatar
Vythonaut: Hmm, weird. It doesn't stay in my cart when I close the window or press back, no matter how many Wallet funds I add.
Tried that; didn't work. I'm now stuck with two pending orders. You evil thing! ;P

avatar
Maxvorstadt: Curiosity killed the cat, so be carefull next time. :-)
Well, I wasn't. :P
avatar
PaterAlf: No, it's completely bad and unusable for people who clear their browser cache after each session. You'll have to enter the mail code every single time you want to log in and that's extremely annoying.
That should actually be the default for any 2FA system, to ask for validation each and every time, since any cases which bypass 2FA could possibly be exploited and be used for cases which shouldn't bypass it. But "I have to use 2FA each time? Why? Not using it, too much hassle", thus we get cases to ignore 2FA (cookies).

avatar
PaterAlf: And let's not talk about the fact that the system doesn't prevent hacking, because it only informs you after your mail or password was changed. And at that point the damage is already done and there's nothing you can do about it (except contacting support to get your account back).
2FA has nothing to do with that. It's similar to saying that your card's PIN number is what sends you your monthly statement, and thus it doesn't prevent card fraud, since by the time you see the statement, the fraud has already happened. And if someone has access to your 2FA mails, he already has access to your mail, thus whether before or after, he could still verify it.
This sounds really cool. I'll have to play around with it sometime to see the ins and outs of its uses but it sounds exactly like something I've wanted GOG to adopt for a while. Thanks!
Post edited August 30, 2016 by llj
avatar
JMich: if someone has access to your 2FA mails, he already has access to your mail, thus whether before or after, he could still verify it.
Indeed, that is why you should never have identical passwords (same password in other websites), specially for emails.
There's nothing gog can do if your email and gog password are abc123. =p

"Think twice before you speak, because your words and influence will plant the seed of either success or failure in the mind of another."
Post edited September 25, 2016 by almabrds
avatar
Tyrrhia: Tried that; didn't work. I'm now stuck with two pending orders. You evil thing! ;P
Delete the cookies set by GOG and see if it fixes (it should).
avatar
Taro94: And if everyone agrees to give each other the same sum, then the whole present giving is pointless and might as well be given up on.
Then it should be. Gifts are only good when they're a net positive. Someone went to New Zealand and brought me a compass so that I don't get lost on marathons (an in-joke). Someone went to SanFran and brought me a reference book of lies and excuses and a picture of rhododendrons. Someone saw a bar of oldschool Polish soap in a purple foil box and bought it for me. The gifts aren't only personal, they're also logistically costly or outright impossible to get for myself. I can't afford to go to SanFran to look at their fluffy rhododendrons, and I can't buy myself a bar of soap if I don't know it's being sold.

The other case of "net positivity" is when I just buy someone something for them to have without expectations of direct financial reciprocity. Maybe you're a starving artist and I can't draw to save my life, I give you a Cintiq and then get to look at your new and improved art. Maybe you want to play a videogame but can't afford it and I want to play it with you or hear your impreshunz, so I give you a game code. Etc.

Two people buying each other something preordered off the (probably virtual) shelf is a shitty practice. It doesn't need defending. It can't be defended from a rational position. Appeal to common practice is not rational.
avatar
Tyrrhia: Tried that; didn't work. I'm now stuck with two pending orders. You evil thing! ;P
avatar
Vythonaut: Delete the cookies set by GOG and see if it fixes (it should).
Nope. They're still there. I even opened my account in incognito mode, to no avail.
avatar
JMich: 2FA has nothing to do with that. It's similar to saying that your card's PIN number is what sends you your monthly statement, and thus it doesn't prevent card fraud, since by the time you see the statement, the fraud has already happened. And if someone has access to your 2FA mails, he already has access to your mail, thus whether before or after, he could still verify it.
It shouldn't be hard to implement optional 2FA just for certain cases like attempted password change or mail change. In that case it would prevent hijacked accounts and fraud, but wouldn't bother users who don't want to enter the code every single time they log into their account.
avatar
almabrds: And what does? No offense Alf, but if you have a solution in mind, please share with us.
See my answer to JMich for an easy solution.
Post edited August 30, 2016 by PaterAlf
avatar
Bookwyrm627: -Download your games. The best reason I can think of to bother trying to steal a GOG account.
Why? Most games are available on torrent sites. Stealing an account just adds an actual crime on top of domestic copyright infringement, punished much more severely in many jurisdictions. Finally, setting up the proverbial seven proxies takes time and kills the download speed.

No, the best reason to steal a GOG account is your #1: try to sell it to a dumbass, then cash out, fast, leaving either the dubmass or the payment system to eat the financial loss.

avatar
Bookwyrm627: -Remove the games from your account, just to be malicious.
Probably not possible uness human error is involved. GOG asks for identification when removing games.

What they also can do is read your uncleared private messages and basic account data (including potentially the last 4 digits of the card number; see the Mat Honan hack why it's bad).
avatar
Digital_CHE: YES!!

FINALLY!

Now, add PAYU payment service, so I can pay my wallet with argentinian pesos cash through Rapipago or Pagofacil.
I'd say that Spanish America (Argentina/Uruguay/Peru/Colombia/Chile/Mexico and some more) are next, amigo! ;)
Cross your fingers! :P
avatar
almabrds: And what does? No offense Alf, but if you have a solution in mind, please share with us.
avatar
PaterAlf: See my answer to JMich for an easy solution.
But didn't you just said a few minutes ago, that the current security option doesn't prevent hackers? How would reducing the amount of times you need to insert codes, be a solution to that?

"Think twice before you speak, because your words and influence will plant the seed of either success or failure in the mind of another."
Post edited September 25, 2016 by almabrds
Do we make interest on our wallet account ^^
avatar
almabrds: But didn't you just said a few minutes ago, that the current security option doesn't prevent hackers? How would reducing the amount of times you need to insert codes, be a solution to that?
If there would be more choices I could deactivate 2FA for everyday login, but activate it for mail and password changes. In that case I wouldn't be bothered every time, I log in, but would get warned when someone from outside tries to change important settings. That would prevent takeovers of accounts.

Right at the moment I only get a warning after the password was changed (no matter if I use 2FA or not). That's pretty useless in my eyes.
avatar
PaterAlf: Right at the moment I only get a warning after the password was changed (no matter if I use 2FA or not). That's pretty useless in my eyes.
I get a new email every time I access my account in a different computer. I'm forced to insert a random code, otherwise I can't access my stuff.
Wouldn't I receive an email if someone else tried accessing my account, too?
It most likely would, the system doesn't know who is trying to login (unless Skynet is real xP), it would assume it's me, and would send me the code, by email.
I would change my passwords immediately after receiving this suspicious email. Pretty useful, in my book.

"Think twice before you speak, because your words and influence will plant the seed of either success or failure in the mind of another."
Post edited September 25, 2016 by almabrds
avatar
PaterAlf: It shouldn't be hard to implement optional 2FA just for certain cases like attempted password change or mail change. In that case it would prevent hijacked accounts and fraud, but wouldn't bother users who don't want to enter the code every single time they log into their account.
Yes, it should be possible to set areas as low and high risk, and demand authentication when attempting to visit a high risk area. And that is what GOG was doing before 2FA, since you were required to reenter your password to be able to change the settings, thus a random person sitting on your session wouldn't be able to change them.
That could still lead to issues though, mostly because my guess would be that the whole /account/ part would be considered high risk, and that includes the chat (yes, I want to have to use 2FA to be able to see my chats). Having to use 2FA to log in is much less hassle than having to use 2FA to check chat, especially if talking to multiple people.

Still, 2FA has nothing to do with the notification that your settings have been changed. 2FA does prevent unauthorized changes, unless of course you decide it's too much hassle and don't use it, in which case the only one at fault is you.