I know GOG has 2FA support, and that is generally good, but i have a question. Why the email 2FA?
I know a lot of different companies, that does this, but those generally (example - Humble Bundle) either use email 2FA (or SMS if you prefer that), or let you bind a google auth/Authy to the account and use this. I prefer the Authy style of 2FA, especially that this app is on my phone, my computers etc, and its much faster to load Authy and get the code that way, than to go over to email, wait until the thingy ACTUALLY arrives (if you are unlucky it takes upwards of 15 minutes), then carefully write the code in the box.
So, will we get the functionality to use our own apps? Or the email 2FA will be "The only right solution".


Tl;dr: Hate slow email code, praise authy. Plz auth app binding kthxbai

Yeah, sure, lets go with Google providing our login details, thats going to be soooo secure.
Feck that, email is perfectly functioning, email takes a few seconds most of the time. And doesn't mass scrape every iota of data from the universe to mass market media for the prvilige (unless you use gmail of course, in which case I would be suprised if they didnt already know you wanted to login).

Most everyone uses Google for email anyway.

I see you eat the tinfoil that comes with your fish & chips in order to protect your stomach from being fed diet control rays, you've gone so paranoid.

There are of course One Time Password authentication apps that aren't even associated with Google. Red Hat has one, the FreeOTP Authenticator, and there are others like the Aegis Authenticator.

(Especially if you use outlook+exchange. Some things should have been banned a long time ago...)

2FA through SMS is, unlike mail and AUTH, considered very insecure and shouldn't be used today anyway. But, I personally prefer 2FA through mail as it is one less app on my phone (and computer) to steal space and battery, and it's something everyone already have.

I tried using Google Auth on different sites and for me that's slower than mail (and that usually only takes 2-5 seconds before I get it), but then again, it really depends on the servers, network link, location, amount of users, your phone etc.

EDIT: Also something to consider; implementing Google Auth is more time-consuming for GOG(!), and, I don't know how the servers and network links at GOG are configured, but if GOGs webservers already experience slowdowns (f.ex something internal, or spam/DDOS), it doesn't matter it you use mail or AUTH app in most cases.

Well, while it might be "secure", the fact that they went from open source to proprietary is not something I would trust either... FrreOTP would be a better choice.

https://alternativeto.net/list/818/how-to-live-without-google

Yeah well, idk how he got the "Google providing our login details", since Google-authenticator algorithm, aka "They way of generating a code from given string" is open-source. I am not saying, we would all have to use google, and bless overlords. I am just saying, that providing an alternative (especially, when some of the OTP apps, who will translate your strings into OTP codes, are really handy [In my case - Authy]) would be an added benefit.
Also an counter argument to your "experience slowdowns" is - Sending 1 HTTP Packet with OTP code (remember, nothing must really communicate, since all you get is the prompt for the code, its not like steam, and stuff) vs sending full stylized email is a difference, so in case of REALLY BIG slowdown, it still would be kind of faster to push 60 bytes of data vs about a meg.