Yep, I do remember them, but they seemed to disappear long ago and didn't come back until today. Are you sure nobody touched anything?

I had to change the e-mail address in use with my account because my Yahoo address started acting up on me again and I wasn't receiving e-mails....

Now, i'm stuck on the security code part of the login, after i punched in the code the first time....and it didn't hold, and now hitting resend security code doesn't even work.


I also can't disable the two-stage even temporarily so that I can access Galaxy for the same reason. The code e-mails aren't showing up anymore.

Up until yesterday, it appeared at login only under certain circumstances, like a few failed attempts (wrong credentials), or after a few log-ins and log-outs within the span of 60min. So, no, it was not introduced as part of the very first login screen last year, it was sneakily introduced today.

Besides being annoying, it prevents MaGog from collecting and delivering updates data.

I'd like an official, public statement as to if this is intentional, if it's here to stay, why it was sneakily introduced, and what GOG hopes to achieve with it.

yes, but not at first attempt to login.

can we have official explanations why if the changes are not a bug. (since it's also a problem for MaGog).

some insights would be nice.

I had almost forgot about this, when GOG left me puzzled today. The usual login didn't work, because I'm blocking 3rd party content by default and since the captcha is powered by Google tech it simply didn't show. Just the entered password vanished as if it was wrong.

Tsk, tsk, GOG. How could you let me believe my account was haccked! :-)

I haven't encountered the problem people are reporting with reCaptcha personally yet, but if it is interfering with MaG I hope that GOG will communicate with mrkgnao the author of MaGog to try to come up with a solution that works as MaGog is now pretty much a very important community resource for the GOG community and breaking it without any communication to try to figure out how to resolve the situation would be very bad. It's the sole source of highly detailed information we get concerning updates these days and losing that as well as the other functionality that MaGog provides would be a serious blow to the overall GOG experience even though it is an unofficial 3rd party resource.

og

It's all working perfectly, now ^^
Thanks guys!

Thank you!

Any news on why they suddenly are there everytime when logging in?

It's an immense PITA if one also uses RequestPolicy Continued, and has everything Google blocked by default.

Ha you want real fun make it so you redirect connections to google through Tor. In many cases they send you to the text re-captcha with a series of rnm and the like all smooshed together. That is if it works at all.

I wish if folks were going to implement these things in an access critical manner they'd get something that ran on their own servers, I really really don't like google.

Security bug report to add to the "broke" list: mantis.gog.com still does not support HTTPS, even though GOG has claimed for a long long time now to have "HTTPS everywhere".

http://mantis.gog.com/view.php?id=4590

It's like putting security guards with machine guns and attack dogs at all of the entrances to your business, but leaving the basement door entrance unlocked and unguarded. It's 2016 GOG, c'mon, it takes like 15 minutes tops to reconfigure a webserver to support HTTPS properly, install an SSL certificate and redirect http to https and confirm the setup using Qualys SSL Pulse.

The Firesheep attack years ago should have taught companies worldwide to start using SSL always everywhere with no exceptions. The problems are known about for over 16 years now. Time to have a unified security model.

Do you allow them on a permanent basis? If yes, this is what makes the difference. I allow them only temporary, even those that I "trust".

When I am troubleshooting a new site, if it requires cookies (usually meaning a login session), I allow that permanently through for the site because not doing so gives no benefit and only causes login headaches. I may do it "all" or "session-only" depending on the website and how much I trust them and how often I'm likely to log in there however.

For RequestPolicy Continued, and NoScript I normally only allow temporary at first until I can confirm what the minimal amount of domains/subdomains are needed through experimentation to allow for proper site operation. Once I have determined the minimum set, I flush the temporary rules and make permanent rules for the site if it is a site like GOG that I'll be using all of the time or on some kind of regular basis. If it is a one-off view of some random site then I normally only use temporary.

My personal goal is to greatly reduce the attack surface of potentially malicious content, spyware/tracking content, consumer-unfriendly content, resource wasting content, etc. while maintaining a balance of convenience for the sites that I frequent the most.

For some minutes the forum acted like I wasn' logged in. Favourite topics were gone (also marked forums), it showed only 15 (?) threads per site and I couldn't post. I could reach my library though.

Now everything seems to be back to normal.