WORD, me too .. i'm a chaotic, unorganized genius (somehow), lil bit like a crazy professor.. if i set those randomized, 20 chars long passcodes everywhere, i can tell you, i dont need a hacker who throws me out of my accounts

True... I generally have a weak password (unimportant sites), medium password, and super strong password. Keeps them fairly simple.

Although... I'm considering going more towards a generated keychain based on location/name. Just have to find some software I'm happy with.

haha you got a point! sold!!!
I'm using the same strategy, and still... from time to time i need to reset passwords....

If your email account uses the same password as your GOG account then you'd better change it quickly. Email hijacks are fairly serious.

dat was the first i did, after all this, thanks anyways :)

Kaspersky is top notch, I would use it at home but its dammed expensive for us maple tree dwelling Canadians.

Some suggestions.

Contact gog (as you have) and explain the situation.
I personally do not use Chrome, but see if it will display your password to make it possible to change it.
Buy a password manager that keeps your passwords on your local machine. Something like Sticky Password, RegX Password Vault, or Password Depot, to name a few.

This will allow you to create passwords of 99 characters and unique to each site without worry. Just backup your password database.

Hope you can resolve this.

Could you try contact that Russian hacker and ask him nicely what your password is? At least he seems to know it.

That's why I never use those "password managers" or such, but rather enter the passwords always myself. That is the best way to memorize them.

yea yesterday i got around 5 emails with codes for login attempts in russia

I see these reports seem to come from users who've registered to GOG many years ago, but have very low rep (suggesting they rarely visit GOG, or are not active otherwise with GOG?).

I think that just shows it is a good thing GOG is going to enable two-step verification for everyone so that the passive users will get the extra protection as well, especially the ones reusing their GOG email and password on lots of other (less secure) sites too.

you ain't from russia, so bitch why you rushin? pimp juice! oooooooooh ooooooooh hoooooooo

I am TwoHandedSword, and I approve this message.

Yes, muscle memory is good. But how many strong passwords can you remember? Reusing them is not recommended.

Also, some websites force you to change your password regularly.

I think that a password manager with adequate backups can provide the best defence for the normal user.

Having low rep doesn't mean they don't visit or buy from GOG often, it means they don't come into or use the forums very much. ;)

Aside from that, yeah, 2-step becoming default is probably for the best.

This makes me both highly certain and highly uncertain at the same time.