Now you can add your phone number in case you lose access to your email or authenticator.

I can't add my number yet (I push proceed, but nothing happens), but still is a good new feature.

"Good News(tm)! We've completely disabled the Downloader and downloading via your browser! By only being able to download via the completely optional GOG Galaxy we've managed to make your experience at least 500% (450% for those in the EU) safer!"? That's my guess. Kinda.

I never played much on steam yet I will be using this feature.

I noticed this before, but the thing is, I don't want to spread my phone number around. What if all services, even stupid forums and hobbyist sites, start demanding my phone number as a security measure? Should I give it to all of them?

Gmail and Hotmail also keep bugging me to give them my personal phone number, but I tell them to get bent (albeit Gmail has probably already gotten that from my Android phone, I presume). I am sure they all like to collect as much personal and identifying data as they can, that is why Facebook demands too that you should only use your real name in Facebook, not a nickname. All that personal data is worth money to them, no wonder both MS and Apple are busy also collecting user's fingerprints and face photos (for face recognition).

So how does that work in practice? They send a verification SMS to you if you try to log in to Steam abroad? I presume this is because Hotmail etc. are similarly locked out abroad, so sending the verification code to them will not help you either. Nice.

When I go abroad, I quite often get a local (data) SIM. I might have my own SIM in some cheapo secondary phone just in case someone wants to call me though. Then GOG would indeed be like Steam. :)

The simple solution as it is for wanted/unwanted emails : have 2 phones with different numbers, one private (friends/family), teh other one for public stuff (business, etc.). In Belgium, a prepaid card costs 15€ and lasts one year before you have to recharge.

As employee, it's even a better idea as you give only your public phone number to your boss so, while on holiday, you just shut this phone off and only keep your private phone (otherwise you can get calls to replace one sick colleague, etc.)

Interestingly enough, a German court ruled against Facebook's "real" name policy. Now if only the rest of the world would do the same.

(I put "real" in quotes because Facebook has been known to ask for legal ID, and a person's legal and real names can differ. Some people have actually been unable to use their real names on Facebook because of this policy.)

Glad I've got all my games DL'ed,so then I can say Adios Gog:-)

Everyone gets a free google number with a google account. Generate something there and forward txt messages to your real phone.

you can always trash your google number and regenerate nearly at will.

Does GOG really need one? Their customer support is some of the best I have seen from these companies and they are fast at responding and not taking weeks. They are also willing to work with you instead of copy pasting some crap.

SMS-verficiation is not costless, so I don't believe that smaller sites really go that route, especially forums But if so, there are already services for digital fax numbers and throwaway emails. I'm pretty sure something similar for sms is also possible, maybe already out there.

Good support is good. What is better is not needing that account support in the first place. I'd prefer they bump up the site security for the obvious reasons, but also because that should free up some support folks so they can deal with actual game problems.

What this person said!

Exactly.

Not to mention - over time you end up with who-knows how many places you need to update when/if your number changes. I'd pass on "Another thing to keep track of"..

That's a joke right? GOG's support was good way back when, but lately you are lucky to get a response within a week that is not a copy/paste of something basically irrelevant to the problem. It takes screaming on the forums or annoying the staff with chat messages to get any kind of effective action from support these days.

Even so, that's beside the point here. GOG's account security is laughable, especially in comparison to the multiple layers of authentication Steam provides. We just recently went through two months of nearly daily reports on the forums of GOG accounts being stolen and GOG restoring them using some of the worst security practices ever seen. Simple two-factor authentication and requiring a valid password for any account changes would correct almost all of GOG's security issues, but what do they do instead? Add a captcha to the login. A captcha. Possibly the weakest security there is. Thank gawd GOG doesn't store credit card information, because if they did, we'd all be dealing with fraud and identity theft right now, thanks to GOG's lax security.