Hello everyone!

To provide you with better security for your accounts, we’ve introduced a new 2FA (Time-based One-Time Password) login method for your accounts. You can use it with popular authentication apps of your choice, like Google Authenticator, Microsoft Authenticator, or others.

Authentication apps offer enhanced security because they are less susceptible to phishing attacks compared to email-based methods.

Here’s how to enable it:

- Go to your “Orders & settings” page.

- Navigate to the “Login and security” section.

- In the “Two-Factor Authenticator” area, you’ll now see the new “Authenticator app” option.

- First, disable the “Email” authentication method.

- Then, enable the “Authenticator app” by following the on-screen instructions.

That’s it – you’re all set!

You can also visit THIS support article for more information about the Two-Step Login Methods.

May your glorious libraries remain safe forever. Hope you enjoy!
paladin181: What Authenticator app am I supposed to use? There are tons out there.
Here is a nice guide, personally I’m using 2FAS and Ente.
Post edited May 25, 2025 by JogsterXL
paladin181: What Authenticator app am I supposed to use? There are tons out there.
Pick whatever suits your needs. Though you should know the code.

(IE, picking a black box software is not a good idea.)
Post edited May 25, 2025 by dnovraD
Great, more private data I can give to google & Co. and tie to my burner phone.
Vainamoinen: Great, more private data I can give to google & Co. and tie to my burner phone.
You can use whatever authenticator you please. You could use Redhat's FreeOTP, mOTP, Secur, whatever you please. There are even desktop applications that don't even involve your phone. All you need is either a QR code or a secret to share with the application.
paladin181: ...
Personally, Aegis (Android) and KeePass (WinLinMac) is the way to go.
I'd recommend having one on phone and one on PC for safety.
Losing access to a 2FA secured account can be really troublesome if you lose your recovery key, which they give to you when you do your first 2FA confirmation login. (Save this file/code somewhere safe!)

Nevermourning: ...
Vainamoinen: ...
Look, if you know what F-Droid is, I'd like to say I use that almost everyday on my phone to do things. (If not, a quick search will tell you.)
Now that you know where I stand against Google corporatism and monopoly, 2FA options are plenty and you needn't give Google or anyone else a bit of data to use it.

TOTP is a completely offline, time-based authentication algorithm which relies only on mathematics to generate 6 or more codes based on a random initial given seed.
If someone is saying to: "Use this 2FA browser extension" or "Create an account on this site which gives you 2FA between all of your accounts", I'd say you really need to search for better and bloatless alternatives.

I'm actively using Aegis and KeePass and they're so fluid and fast, with no connection required, that it's just laziness to not use them, no kidding here.

The only problem I personally have with GOG's implementation of 2FA is that its TOTP uses a 1990-based algorithm logic (last time I checked) which has many security flaws and you can learn more about this criticism here. But otherwise this is much better than what we had before.

Spend a little bit of time and learn to use it to add another security layer to your accounts before complaining it's just another Google propaganda, because it's not, thankfully. And yes, GOG could force us to use Google Authentication, but they didn't and I'm really happy about this. :P
Post edited 4 days ago by .Keys
JogsterXL: Here is a nice guide, personally I’m using 2FAS and Ente.
dnovraD: Pick whatever suits your needs. Though you should know the code.

(IE, picking a black box software is not a good idea.)
.Keys: Personally, Aegis (Android) and KeePass (WinLinMac) is the way to go.
I'd recommend having one on phone and one on PC for safety.
Losing access to a 2FA secured account can be really troublesome if you lose your recovery key, which they give to you when you do your first 2FA confirmation login. (Save this file/code somewhere safe!)
That's great and all, but why should I trust a 3rd party with my information? What makes them safer than email or my account already? It seems like this is an extra step without offering any real protection. Someone could hack a third party account as easily as they can my GOG account.
paladin181: That's great and all, but why should I trust a 3rd party with my information? (...)
Someone could hack a third party account as easily as they can my GOG account.
What information? What account? It's just codes being generated offline on your device, that match the codes generated behind the scenes on GOG's side. This has been explained repeatedly.
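
Two descriptions in this thread (TOTP as an offline algorithm driven by a shared seed, and codes generated on the device matching those computed on the site's side) can be shown in a short script. This is an added example, not part of any post and not GOG's code; it follows RFC 4226/6238 with the RFC defaults (HMAC-SHA-1, 30-second step, 6 digits) as an assumption, and the function names and sample URI are hypothetical.

```python
import base64, hmac, struct
from urllib.parse import urlparse, parse_qs

# Constructed sample: the RFC 6238 test secret "12345678901234567890", Base32-encoded
# the way an enrollment QR code carries it. Issuer and account name are made up.
SAMPLE_URI = ("otpauth://totp/ExampleShop:alice?issuer=ExampleShop"
              "&secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")

def parse_otpauth(uri):
    """Extract the shared secret and parameters from an otpauth:// enrollment URI."""
    q = {k: v[0] for k, v in parse_qs(urlparse(uri).query).items()}
    b32 = q["secret"].upper().replace(" ", "")
    key = base64.b32decode(b32 + "=" * (-len(b32) % 8))  # apps often strip padding
    return {"key": key, "algo": q.get("algorithm", "SHA1").lower(),
            "digits": int(q.get("digits", 6)), "step": int(q.get("period", 30))}

def hotp(key, counter, digits=6, algo="sha1"):
    """RFC 4226: HMAC the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), algo).digest()
    off = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(key, unix_time, step=30, digits=6, algo="sha1"):
    """RFC 6238: HOTP where the counter is the number of elapsed time steps."""
    return hotp(key, int(unix_time) // step, digits, algo)

def verify(key, submitted, unix_time, last_counter=-1, window=1,
           step=30, digits=6, algo="sha1"):
    """Server side: recompute codes for +/- `window` steps of clock drift.
    Returns the matched counter (store it as last_counter) or None."""
    now = int(unix_time) // step
    for c in range(now - window, now + window + 1):
        # c > last_counter rejects replay of a code that was already accepted
        if c > last_counter and hmac.compare_digest(
                hotp(key, c, digits, algo).encode(), submitted.encode()):
            return c
    return None

if __name__ == "__main__":
    cfg = parse_otpauth(SAMPLE_URI)
    code = totp(cfg["key"], 59)                 # device side, no network involved
    print(code, verify(cfg["key"], code, 75))   # server clock 16 s ahead of device
```

The only thing the authenticator app and the site have in common is the enrolled secret and a roughly synchronized clock, which is why the secret and the recovery key are the items to protect.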
.Keys: I'm actively using Aegis and KeePass and they're so fluid and fast, with no connection required, that it's just laziness to not use them, no kidding here.
I'd rather spend my precious free time doing more worthwhile things like playing games. Tis ok if that colours me lazy.
paladin181: What makes them safer than email or my account already.
It's essentially like the security theater of your country's TSA, so not much.
Post edited 4 days ago by Nevermourning
.Keys: I'm actively using Aegis and KeePass and they're so fluid and fast, with no connection required, that it's just laziness to not use them, no kidding here.
Nevermourning: I'd rather spend my precious free time doing more worthwhile things like playing games. Tis ok if that colours me lazy.
I've meant no offense before, and I do not now again, but talking as directly and objectively as possible:

You're actually probably losing time not using TOTP 2FA nowadays.

I've made a fast calculation on time comparing email 2FA against TOTP 2FA on GOG from my mind, which in this case is a reliable source because I don't use password managers, therefore, I have to manually type my passwords every time - which means, my passwords must be more than 25 characters long for extra safety against some kinds of cyberattacks, thus, I know the time I take to type my passwords on GOG, email, and so on because I have them all in my memory from repetition.

Before GOG implemented TOTP, I used email 2FA.
The time it took for me to type in both email and GOG password, check email, copy paste code, or look up the code on the email client on my phone and type it in, would probably vary from 15 to 30 seconds in my case with big passwords and no password managers, depending on how long it took the email to arrive, page loading, changing tabs, and so on.

Now with GOG's TOTP 2FA (right now actually, I just did that.) it took me around 12 seconds from opening the PC TOTP client I'm using, typing in my password on GOG, changing windows, clicking two times to auto copy the TOTP code, changing windows, typing it on GOG's TOTP box and done.

To be fair¹, I use Linux with the i3 window manager, a window manager focused on fast keyboard use and fast window change and less "mousing" through personalization, therefore, I know I'm not the common use case and this case can be considered a power user one (everything is done faster through keyboard, less hand movements and so on.)

To be fair², GOG rarely asked for email 2FA in the past after you log in one time, except if something weird happened with cookies, I deduce, or if your session IP expires, which means, too much time without logging in.

TL;DR:
On my personal use case, typing passwords as I don't use password managers, nor save logins on browser through cookies:
My time with GOG Email 2FA = From 15 to 30 seconds login time.
My time with GOG TOTP 2FA = 12 seconds max.

I'd say its a plus either way:
You will objectively log in faster with a PC TOTP client at your side (no need to reach for your phone) and you will objectively be safer with a more secure layer of 2FA. Even though it seems to be an old method [?]. One of which I hope, and believe, GOG is already looking into it if I'm in fact right.


paladin181: That's great and all, but why should I trust a 3rd party with my information? What makes them safer than email or my account already? It seems like this is an extra step without offering any real protection. Someone could hack a third party account as easily as they can my GOG account.
The message you quoted explained how with Aegis and KeePass (and many other alternatives recommended on this same thread and this thread) you need no accounts - at all:

.Keys: Now that you know where I stand against Google corporatism and monopoly, 2FA options are plenty and you needn't give Google or anyone else a bit of data to use it.

TOTP is a completely offline, time-based authentication algorithm which relies only on mathematics to generate 6 or more codes based on a random initial given seed.
If someone is saying to: "Use this 2FA browser extension" or "Create an account on this site which gives you 2FA between all of your accounts", I'd say you really need to search for better and bloatless alternatives.

Spend a little bit of time and learn to use it to add another security layer to your accounts before complaining it's just another Google propaganda, because it's not, thankfully. And yes, GOG could force us to use Google Authentication, but they didn't and I'm really happy about this. :P
Post edited 4 days ago by .Keys
.Keys: I've meant no offense before, and I do not now again, but talking as directly and objectively as possible:

You're actually probably losing time not using TOTP 2FA nowadays.
I get you mean well and acknowledge some might get some use (beyond a feeling of security) out of this option. I usually stay logged in and only access this site from the same device, however, so any possible benefits aren't personally applicable.