Keep it clean
If you believe that a wish duplicates another one or is not meant for the category, use Options button above to report a duplicate or spam.
Add your wish
If there is an item you wish to have on GOG.com and it’s not yet on the wishlist, please add your wish
Add Google Authentication option
Added by
wptate Add Google Authentication as an option to the site. This will increase security for my account, less likely to get it hacked, and thus reduce anyone else stealing the games that I've purchased.
Having it as an option means that it isn't required to log on, but an option for those that desire increased account security.
Other authentication options are also an option, but Google Authentication may be most widely/freely available?
Aloyse123 E-Mails sometimes take 10 minutes to be delivered, a TOTP code from an authenticator works instantly and is more secure.
grandmasterethel Email and SMS 2FA is a joke.
Games4Mage1970 please implement TOTP as 2FA for login check - thank You!
Kamiel51 we have 2024, and there is still no decent 2fa on gog :)
Clr.Sentinel +1 Please implement a authenticator option, thank you
AydroPunk Please support passkeys with FIDO2/WebAuth protocols such as Yubikey.
Misfiticus Please give us TOTP
Sopinpa yep this is the only app that dont use a authenticator because ea app use, ubisoft connet use, epic use and of course steam use also. and i use authy authenticator since is better than google.
AriesCZ Also in support of GOG adding standardized TOTP (RFC 6238) 2FA.
Had to resend verification code 3 times before it arrived
_SubSonic_ Wow since 2016 we are stuck here .... what the hell.
Who authenticates by email and sms anymore?
Please implement G-Aut. we desperately need that.
After all we invest a lot of money in our accounts. They should be better protected.
KiwiBlaze I consider email based 2FA to be a joke. While I take steps to protect my email address, once you have my real email address, any security options linked to that email is compromised.
Know how businesses all have safe guards and standards that users have to meet, or they cant use the service. The only reason I still have a GOG account, is because of the money invested in it.
Real 2FA (FIDO / TOTP) is becoming something I have started to say MUST be used on my accounts. It's open standard, and shouldn't be difficult to work into current systems.
capt-scarecrow TOTP is very important, this feature is much needed!
harbonath +1, dont have any sense in this days dont have a real TOTP solution for ours account (not email). FIDO should be a good addition too, but IMHO, at least, support for external TOTP
MorpheusTDK Just thought I'd check if this had been added yet and found this thread. In this day and age email 2FA isn't really that secure especially as it's directly linked to login credentials.
Using a TOTP solution that can be used with Google Authenticator, Aegis Authenticator, Microsoft Authenticator, Authy etc. (There is a reason why there is such widespread support for this approach) should be considered mandatory. If I can get a free plugin to implement this for a wordpress site it shouldn't be beyond the scope of the company to implement something similar and would be a considerable security upgrade.
Kitosh With recent attack on accounts for Steam Devs, the Security for GoG should be increased try and be ahead of the game, FIDO / TOTP or new passkeys.
Mister_Gizzard +1 for authenticator
lucjedi +1 for using a TOTP authenticator.
kallja I would really love to see FIDO2 and TOTP be implemented. Either would improve login convenience and account security compared to the existing options.
jake_speed An offline 2FA system is far more secure than email based. If your email account gets hacked, the attacker can take over all the rest of your accounts because they can do account recovery and have the 2FA to back it up. Having your 2FA separate from your email means the attacker would also have to have access to your 2FA client or somehow know the unique 2FA code you were given when you set up 2FA on your account.
vernalex Any site that doesn't support self-management of TOTP makes me use it far less. Email isn't convenient and can be especially painful when emails get delayed. Please provide the hash so we can use our own auth apps.
SR71Hellfire Would also appreciate the implementation of OATHs TOTP.
andrewg.txt The ignorance of these comments is hilarious. Google Authentication doesn't mean you have to use Google to authenticate. What OP means is the algorithm used by Google Authentication, which is standard and used by third-party apps as well. That way you can use the authenticator you want and not be stuck with email authentication. It's better security in every way, and it's absurd to think this will somehow result in Google spying on you. It's an open-source algorithm developed by Google, but peer-reviewed. You can research how it works.
fatal` TOTP please
NULUSIOS +1 to implement 2FA using authenticator apps
medve_a_maci insane boomer smell in here. "google auth option" doesnt mean you can only use google's app. theres authy, theres aegis, theres like 5 more free apps that supports biometric login and code export to several devices.
+1 for app auth methood, cd project should step out of the dark slavic ages already
fridgeband I don't care what way shape or form it's done. even if it's "just a little this way" or "but it's only a little here like this!"
NO. absolute NO. zero % google is the only amount I am okay with. keep that FAR away from my login, my account, my games, my LIFE.
fridgeband I don't want anything google near me at all. I am so uncomfortable that I might just quit gaming if google tries to get into or near my games or accounts. JUST solid NO.
beylie What is the holdup here?
N0rdmann please stop those thousands of mails per day :P
save mails/power/traffic/nerves ;)
aiRN7 (+1) I don't like the 2FA with e-mail!
paulotex Yes! 2FA with email is horrible. WE want TOTP!
sychron +1 for using a TOTIP authenticator.
And for the computer illiterates in the comments: These programs generate a code every 30 seconds and display it to you. This is the code you have to enter to log into your account. There is NO transmission of any sort between the authenticator and anything. The server knows the formula to calculate the core by itself, they are once synchronized via QR code and then both calculate on their own. And when logging in, they just check whether you have the same result.
So NO tracking with google or whatnot, no transmission of anything during login, just a way to get a code that is MUCH more secure than an email which is essentially a postcard anyone on the route can read.
extra2AB This comment section shows digital illiteracy of people. They are saying no thinking Google will track it or something, lol. For those idiots, Google Authenticator is a TOTP based Authentication method where you can use any app you want, no need to use Google Authenticator if you don't like it. Use Authenticators like Aegis which are completely offline and no body can track it. Just get some knowledge before refusing to accept better changes asked by other people.
L1FEsUniverse Keep GOG free of google! If so let users choose other authenticators free of the big corporations.
And please, do not ever consider to use ReCaptcha and stay clear of stuff that supports adding knowledge to machine learning
Indescribable Is this for Google login? Or Google Authenticator? If it's Google login I don't care either way - won't use it.
If it's Google Authenticator, then yes please! The benefit of adding Google Authenticator as 2FA instead of what we have now (email), is that attackers would need to gain access to BOTH your email and the one-time-code from the Authenticator. Right now the one-time-code is sent to your email, so attackers only need to compromise your email.
VirgilBudBrigman Indeed, I prefer to use a TOTP authenticator over email (i.e. Google Authenticator, Duo Mobile, Authy, Bitwarden, etc.)
KnossosDomovoi Why would I want to send all my GoG activity to Google? No more Google tracking, please. Google's spying scripts are already everywhere in GoG. De-Googlefy GoG now, please!
drmsux Fuck google and anyone who helps them further take over, dominate and ruin everything. Hard NO.
_Notus_ Except Google Auth is pretty much a spyware, tracking stuff you do when it's loaded
mecmeta +1. There seems to be misunderstandings here about how authenticators work. Most authenticators (Google, Authy, etc.) use the same standardised algorithm called TOTP. So implement TOTP authentication and user can use any authenticator software they want.
rhahael You are much more likely to be "hacked" through your google authentication. I'd rather have them remove all kinds of authentication from third parties from the website.
virtualstorm2002 yes please
DasDonzii Use Authy
PandaBoy444 While I don't LOVE google, i HATE facebook, and if we have facebook auth we should at least have the option to use google instead.
epain I thoroughly and wholly disagree. Less Google = better.
rinea.kathe Jeśli tylko byłaby taka opcja - używałabym. Do wszystkiego, do czego tylko mogę, loguję się przez Google.
Buhs Steam and Blizzard use their own authenticator. Uplay, Origin, and EGS are already using Google Authentication. Using an authenticator significantly increases the security of the account, in addition, the implementation does not require large financial costs. Another plus of using Google Authenticator (in my opinion) - you do not need another application on your smartphone.
Oceawy I agree that would be very nice
godportal uplay did it already
2kman Yes please! Google Authenticator is perfect in its simplicity!
No need to rely on email for that.
50 comments about this wish