It seems that you're using an outdated browser. Some things may not work as they should (or don't work at all).
We suggest you upgrade newer and better browser like: Chrome, Firefox, Internet Explorer or Opera

×
Community
General discussion2FA... Safety at our expense?(8 posts)(8 posts)
(8 posts)
Pages:
1
This is my favourite topic
Posted August 22, 2022
I go to log into GOG but guess what??
They don't think it's me so they force a 2FA.
...
My question is ... If you won't let me log into your shop without 2FA because I may be an evil cyber criminal then why in the hell are you displaying my COMPLETE email address to said cyber criminal on your 2FA screen???
...
Nobody else does that... For a reason!
-------------------------------
Edit:
Ok so my email is my login... Good point.
My login is kinda automatic so hadn't really thought about it. I was just a bit gobsmacked to see my details displayed on the screen before they had confirmed my identity.
.
I have no issue with email 2FA but I would still feel more comfortable with a partially starred out email being displayed.
Other sites do this, even if they use email as a login.
Post edited August 23, 2022 by Crunchyhead
Posted August 22, 2022
Aren't you logging in using that email anyway? If a "hacker" got to 2FA part, your login and password are already compromised.
Posted August 22, 2022
avatar
InkPanther: Aren't you logging in using that email anyway? If a "hacker" got to 2FA part, your login and password are already compromised.
But my email wasn't.
They are showing and associating my email whith this account/user to someone they believe may be an undesirable. Most sites that I visit asterisk out the middle portion of the email they are sending 2FA to.
If it's safe enough for you to give out my data then it's safe enough to do away with 2FA.
Posted August 22, 2022
avatar
Crunchyhead: But my email wasn't.
Your login IS your email address...

I agree with InkPanther, it's not that big of an issue, but also agree with you that it's a good security practice to partially hide the email address - although this is meant for use on mobile phones and other places where other people may casually view your screen, not as the be all and end all of security measures.
Post edited August 22, 2022 by WinterSnowfall
Posted August 22, 2022
avatar
Crunchyhead: [...]
They are showing and associating my email whith this account/user to someone they believe may be an undesirable. [...]
They're showing it to someone who already successfully used it in the first step of the log in. Would it be better if it was partially obfuscated? Probably? But that seems like a mute point when somebody knows your email and your password.
Posted August 23, 2022
They should allow alternative to the e-mail 2FA
Posted August 23, 2022
I would like the cell number thing that I see all the other sites do, even my bank does cell number. GOG should have more options but lets see if they add it down the road.
Posted August 23, 2022
I actually applaud the fact that GOG has 2FA, but more to the point, their approach to it like many things, is a little stone age.
Pages:
1
This is my favourite topic
Community
General discussion2FA... Safety at our expense?(8 posts)(8 posts)
(8 posts)