Keep it clean
If you believe that a wish duplicates another one or is not meant for the category, use Options button above to report a duplicate or spam.
Add your wish
If there is an item you wish to have on GOG.com and it’s not yet on the wishlist, please add your wish
Two-Factor Authentication / SMS Security / 2FA completed
Very disappointed that this is marked as completed when it's not. The only 2FA option is still email. The request is to use 2FA code generator apps instead, which are vastly more secure than being emailed or SMS'd a code.
Email is not a proper 2FA.
Definitely not completed. Please add proper 2FA where we can use an authenticator app!
MFA with only email is terrible, you are usually connected to the email account and need no further authentication before viewing mail, unlike most TOTP apps that require biometrics.
PLEASE MARK AS NOT COMPLETED!
This is NOT completed! 2-step-login-with-mail != 2FA
Please implement TOTP or better passkey!
This is not completed.
Marking this as complete is a deliberate misinterpretation of what was requested. Email 2FA is not secure. Neither is SMS. At this point you should also be working towards passkeys as well as authenticator app support.
2FA App NEEDED!!
This not done, please give us the proper 2FA via a authentication app.
Just want to keep my account safe
Open this again. This is NOT 2FA that is now implemented. Please review this again GOG!
Not completed...Codes don't even arrive most of the time.
Definitely not completed. Needs current 2FA support via an app, not sending the code to an email address
+1 for not completed. Email two-step login is simply not secure enough. Support for 2fa apps is needed.
Please implement WebAuthn (and, by god, not SMS! It's 2024!). The email method works, but it's a hindrance. 2FA mails get sent to spam, etc.
2 step login is not 2fa. add support for authentication apps.
+ Not completed.
This is NOT COMPLETED. Please add proper 2FA, email code is not only really annoying but also is not secure enough
Do it! Now!
This isn't completed, the post is about 2FA via SMS or / and TOTP (google authenticator), I would like to see TOTP in particular but currently neither are supported by GOG
E-Mails sometimes take 10 minutes to be delivered, a TOTP code from an authenticator works instantly and is more secure.
Please do actual proper 2FA with TOTP
+1 for proper 2FA
This is not complete. Add proper support for TOTP and Hardware Security Keys.
This wish is not completed. Email and SMS 2FA is a joke.
2024 and still no proper 2FA...
Writing this to to keep this wish alive remind everyone that Email based 2FA is not secure enough and that we want at least proper TOTP.
Agreed with the remarks that GOG does not do real 2FA/2SV. Email and SMS are not secure. TOTP is better but FIDO2+Passkeys are the future.
This is not complete and needs to be reopened... Email 2FA is just bad but also not even what this was asking for. It clearly states in the title for 2FA like google Auth or Use of an SMS code..
2FA with Aegis please!
Please support passkeys with FIDO2/WebAuth protocols such as Yubikey.
E-mail 2FA is a joke. I spent a weekend trying to log-in. E-mail message was in a limbo - it took more than 15 minutes to appear in spam folder. I was cut off from my account because I wanted to be more secure. Please consider implementing FIDO/TOPT
THIS IS NOT COMPLETED!! GIVE US TOTP 2FA.
It's 2024 GOG. Where is the 2FA OTP option?
E-mail 2FA isn't the best option. SMS is even worse. We need 2FA with an authenticator app.
The current email 2FA implementation is just not good enough, email is way too slow.
We need real 2FA like FIDO or HOTP/TOTP.
Show us WHERE we said we wanted Two step login? we all want Two factor authentication meaning using authenticator apps on our phones to put the codes in to log into our accounts. Who assumed that this is what we wanted when you KNEW what we wanted was to use authenticators!
Who flagged this completed? It's not.
Receiving a code at the same email address you use to log in is not a second factor - especially because the email can take upwards of half an hour to be received. An expired code is useless. Please implement TOTP.
The other thread: www.gog.com/wishlist/site/add_google_authentication_option
How can this be marked as completed? There is still no option for FIDO2 2FA. Not even SMS option but FIDO2 would be much better given TN spoofing issues.
Another thread about this same issue.
The current email 2FA implementation is just not good enough.
We need real 2FA like FIDO or HOTP/TOTP.
You really need to implement proper industry standard time based or FIDO 2FA. This is a basic requirement and makes me question buying more games with you guys.
And here I am literally locked out on my desktop bc the 2FA mail isn't arriving :] fantastic job...
How this isn't a thing confuses me. We need more security than just an email.
this needs more attention
Just went through a 2FA fiasco with e-mail codes not reaching me. The incredible advice was check your spam folder. Gee, I wish I had thought of that. After three e-mails to support it just magically starts working again (3 days later). A better system should be implemented ASAP and I agree it should not be marked as completed.
Guys 2FA with an authentication app is superior to an email why isn't it an option already it's 2023 and I wouldn't want my library to actually be secure
not spending one cent here until this is properly implemented
I would appreciate a 2FA app!
I am willing to install a GOG made one - if that is the option...
The topic sayes "completed" though I just disabled 2FA and hoped I could use my password manager, but no, only email.
119 comments about this wish