Two requested security features, and the two-step login is optional meaning those who don't like it won't complain.

GOG can introduce a change that no one will bitch about.

Well done, GOG!

EDIT: Ooops, spoke a bit too soon.
Still compared to the last shitstorm, this is can be safely taken as "no bitching". :)

I hate to disappoint you but I´m kind of worried whether https everywhere will mean regular http wont be an option anymore - http is needed e.g. when a Chrome user tries to upload his account data via Barefoot Essentials on the gogwiki - on https pages the thing gets stuck on "sending"... So this is a worry on my part and you can count that one for "bitching" if you so wish. Plus I dont care about 2 step security -it seems more like an inconvenience to me...
edit-typo and precision

Hurrah! :)

Although any security functionality can be spun as a step in Big Brother direction. ;)

FIRST MORE SECURITY, NEXT UP DRM.

FAK U GUG

You've clearly not read all the thread...

Quite a few people seem to be complaining about the implementation of two step verification already... :/

In fairness I kind of bitched about it. :P

People will always find something to complain about :D

Sure they can. And elephants can also fly, by the way.

I would be quite happy with 2step authentication on account changes, however this appears to be every time you log in to GOG if you have browser cookies removed at shutdown - i.e. if your already doing security things, this just makes it more difficult to access. Seems a bit daft, when changing account details, yes of course there should be a check.

I do complain. GOG gave it as "all or nothing". I want two-step verification, but not every damn time I log into GOG (from a clean browser).

Why do I seem to be the only person in the universe who thinks two-step verification is most sorely needed for when:

- changing the email address
- changing the password

The rest is less important. I can live with the thought that some hacker was able to log in as me, as long as he can't perform those two actions. After all, what can he do, besides downloading my games, writing trash messages as me, and buy some new games to my GOG account with his own credit card?

Then as long as GOG informs me to email that some evildoer from a new IP address/country logged in as me, I can react myself, like change the password myself, and reset all GOG logins from all sites.

EDIT: Thank god, nightcrawler is thinking similarly as me. Good, I am not alone then, feeling like everyone else had swallowed a crazy pill.

You have clearly not spent much time in the gOg forums.

You bitch about everything. :P

Thanks! to GOG and to you ZFR for making me notice it.

Already started using it. Should be bigger news.

Maybe to be more comfortable and faster make it work with Google Authenticator (?)....
But the current system is good too, emails come instantly(very nice!) at the moment, so no bad :)

PS. The HTTPS thing worked before aswell, with HTTPS Everywhere extension from EFF

That's impossible and people WILL go out of their way to prove you wrong.
In fact, I'm pretty certain that even if GOG makes itself 100% customizable in a magical way that every user can tailor it to their needs, some dicks will whine "oh no! why all theses choicez GOGz!!!11".

You obviously did not read the thread you link to. There are quite a few complaints there and rightly so, IMHO.
Count me in a well.

I don't clear cookies, but I use at least 10 different browsers on a pretty regular basis and I travel quite a bit, so not planning to use this feature in its current implementation.