Two-step authentication
Please support passkeys with FIDO2/WebAuthn protocols.
TOTP FTW
Non-email MFA is a bare minimum; step it up.
Another thread for standard (non-email/SMS) 2FA here. www.gog.com/wishlist/site/add_google_authentication_option
Some time has gone by but it is never too late for more security
Any standard TOTP 2FA or FIDO2 please. Using SMS and email for 2FA nowadays - really it is just about better than nothing, with SMS spoofable.
Don't use Steam as an example. They monitor their general forum for any new FIDO/2FA thread and have a group of alt accounts that come in within a few hours and harass the thread creator. Then when the guy complains about the harassment they have some unknown mod that bans him so he can't rebut them or defend against the harassment. Tons of people keep falling for scams and losing their accounts on Steam.
Absolutely need to implement 2 factor authentication. Allow us to use YubiKey at the very least. Make an app like Steam's for phone, just as good. Not linking accounts until better security is implemented.
No email or SMS. I want an attacker to have to steal a physical item from me to have access to my accounts, not simply for them to have password access to the stuff that authentication codes are sent to. Let me set up a free authenticator app of my choosing to secure my account. This is a no-brainer, there's no excuse for this not to already be implemented.
Not SMS. SIM swap and porting fraud are rampant and on the rise and the last thing we need is yet another gift to criminals. Somehow 2-factor SMS auth has gotten so embedded in the collective consciousness that two companies have asked to verify me via SMS despite there being no cell number associated with my account.
Also, please, ask ONCE per device only unless it involves spending account credit or selling something. I hate playing two-factor pinball because I shop on my previously authorized laptop, play on my previously authorized desktop, but have to find my tablet each time (all on three separate floors) because I switched between already authorized devices ...and this to protect me from what? Someone who knows my password spending their own money to buy a game on my account? Giddy up! Someone who knows my password playing a game on an authorized system? That's entirely my problem if it isn't me.
So, yes, I'm totally onboard with 2-factor authentication, but it needs to be both genuinely secure and implemented with common sense.
It doesn't work even from the web site. I was trying to disable two-step in my account settings and, ironically, GOG tries to send you a two-step verification code to do so... and I'm never getting them.
I am not getting the two-step authentication emails when using the GeForce Now service. My experience so far with emailed two-step authentication has been bad.
Would love 2 step on GOG Galaxy. I have funds in there and it's too easy to log in and purchase as gifts. I've had my Steam account hacked before BECAUSE I didn't use 2 step =(
2FA apps like FreeOTP and Authy please. For those who want to use email - okay, but for those of us who use 2FA apps please add the functionality!
OTP auth please GOG :)
2FA apps or FIDO (e.g. YubiKey, Nitrokey) are preferable over email. The email is only 4 digits anyway, the minimum should be 6.
I agree with this request. Two-step authentication via the Google authentication app should be available. E-mail isn't that safe.
More 2FA options, like app, hw token etc. would be nice (in this world it is a must-have IMHO :D ).
GOG Galaxy 2 doesn't seem very safe without two-step auth. Not sure I want all my eggs in one basket without a little more security.
Definitely need to support SMS and authenticator options
As a security professional, 2FA is highly desirable, but I have to agree that SMS or email are undesirable and insecure methods of implementing 2FA. If you're gonna do it, use some form of external authenticator.
No! DOWNVOTED!
Pretty useful. I wouldn't even mind a "GOG companion app" for smartphones in case you don't want to tie yourself to a third-party program like Google Authenticator.
If they add two-step authentication, I suggest all of you use andOTP for Android, similar to Google Authenticator or Steam, etc.
The good thing about this app is it's OPEN SOURCE so there's no shady things behind it, it does what it says, simple as that.
Here's the GitHub link: github.com/andOTP/andOTP
Authenticators are the best and safest, you can use a free one from Google or Facebook on your smartphone, very easy to set up. SMS and/or email are very insecure, especially SMS. SMS is very outdated in terms of best-practice security measures and in the same category as changing your password every three months for no good reason.
This would be the best if I could set this up with Google Authenticator, otherwise I always have to go to my email...
I would highly appreciate the ability to connect to GOG with TOTP, rather than receiving an email each time I log in to my account.
I'm honestly surprised that two factor OTP isn't currently supported. The emails are really delayed for me.
Please for the love of all that is holy add support for OTP apps like Google Authenticator, Microsoft Authenticator and andOTP. Even Nintendo supports OTP.
U2F / FIDO 2.0 is the way to create a safer internet. 2 factor by email is not much better than no 2 factor.
Please add FIDO2 to GOG
Google's authenticator seems to be the least troublesome of what I've tried, but I am down with SMS too. Obviously, whatever the choice ends up being, keep it optional. Preferably also an option that lets it save devices, but ask when changing critical information or spending money.
Every single time I log in it wants two step authentication. It's getting ridiculous.
I would really appreciate support for U2F (Yubikey) and OATH Challenge-Response with e.g. Google Authenticator for two-step authentication. Thank you!
Email is so slow it's pretty much useless, please use an already existing app like Google Authenticator. It's free and doesn't require the user to give up any personal information like a phone number.
TOTP 2fa please
Please add TOTP support as an alternative to email. For me it is much more convenient to look up the code on a second device than to check my emails.
Second factor, open standard:
SIP SIMPLE
XMPP texting
0MQ
Optionally wielding:
OATH Challenge-Response Algorithm
NOT SMS texting
For the love of good....
PLEASE
Don't make this rely on OLD SMS texting
:(
Please add YubiKey two factor authentication support. www.yubico.com/
Have it be optional and multiple versions so you can do text, email or software based.
I almost clicked vote until I read sms or email. I'd rather have software based security than codes sent over insecure means.
1. Let two-step authentication be optional. Not everybody can or wants to use it.
2. Make use of already existing authentication apps (like EA does with Origin), instead of creating a new one (like Blizzard does, or Valve with Steam).
3. Don't ask for a security code for every little thing; only ask for one if people want to buy stuff, or when changing critical settings.
As was said, if your account winds up compromised or your laptop stolen and they have access to your financial info through Galaxy, you'll be wishing there was a way to deactivate all computers on file and for access to require multiple means of entry besides a password.
I just agree that it should be optional and not an absolute requirement for everyone. And I think we should get to choose from a few different options; do you want an email sent, a text sent with a code, a call with a code, a passkey, authentication app, etc for example.
No to "two-step", yes to "other factor than password" - if optional.
That said, SMS is annoying, a big privacy issue, and unsafe as well. OTP tokens however are nice, if optional (as are smartcard-based tokens).
If it's two-factor auth, make sure that I can get the TOTP seed without having to install something like Authy.
I don't have a smartphone or any other Android or iOS device, but I do have a copy of KeePass 2.x with a TOTP plugin that I can lock down using a Yubikey for a second factor.
Yeah, right. Except Steam's is broken, incapable as it is of sending the mail 4 times in 5, and asks you each and every day to check your email… No, thank you.
ljacks: Not asking for it to be a requirement. It can be optional, same as it is in Steam and nearly every game that uses it. But I'm sure the first time you ever have an online account compromised, you'll wish the option was there. Especially an account that can spend your money.
No, just no. If this is going to be done keep it in house. I won't use this if it is SMS based (Google keep hassling me about adding a mobile number, yeah right) and if I have to muck about just to get into the client it will end up being deleted. Steam's method is OK, but it often takes AGES for the emails to arrive.
Two step auth is a horrible idea in general.
If it was implemented, the previous poster has a point. Steam's method of a simple email code is annoying, but less painful than the other crap.
I'd prefer Steam's method of sending an authentication email out when a new system tries to connect to Galaxy instead of requiring an auth key every time you log in. Also like Steam, being able to deauth all systems in case of a lost laptop or something would be nice too.
49 comments about this wish