GOG.com Adds 2-Step Authentication Login & HTTPS Everywhere

👤by Tim Harmer Comments 📅08.03.2016 12:25:58

In a move that will add much-needed security for end-users, digital software distributor Good Old Games is bringing two-step login authentication to their account services this week. The move brings them in line with Steam and Origin's authentication policies, but falls somewhat short of more robust 2-factor policies that still remain a rarity for game accounts.

An optional service for all users, GOG's 2-Step authentication process prompts the user to input a 4-character code when unusual activity is detected, such as logging in from a new IP address. This code is sent to the e-mail address linked to your GOG account, and so the process of logging in doesn't change a massive amount. Enabling the additional security is simple: just a quick toggle on your account's Login and Security page.

Whilst a benefit in the event that your GOG password is compromised or your laptop is stolen, an issue arises if and when your e-mail account is compromised. In this instance 2-Step authentication through your e-mail is largely meaningless as the malicious party would have unfettered access to the validation code. Despite this weakness it's still a benefit that you should not ignore.

The GOG authentication policy is similar Steam's Steam Guard, but isn't up to the standard of more expensive 2-factor authentication offered by (for example) Blizzard Software. 2-Factor authentication by definition requires 'something you have, and something you know', which in Blizzard's case is your Username/Password combination, and either a keyfob or smartphone with authenticator app. GOG and Steam's policy implicitly only requires two things you know, i.e. your account login, and your e-mail login.

Alongside 2-Step authentication GOG have also added the option for one-click log out of all active account sessions across all devices.


In addition to 2-Step authentication, GOG also now supports HTTPS on both the GOG Galaxy App and throughout the GOG.com website.

HTTPS Everywhere

GOG Galaxy has already supported HTTPS everywhere for some time, and now we're beginning to roll it out globally. That means HTTPS support for every connection between you and GOG.com all secured with industry-standard encryption. Every bit (and byte) of data that travels between you, us, and everyone on GOG.com will be encrypted, including the store, forum, chat, downloads and even all of GOG Galaxy. It truly is HTTPS everywhere.

Source: GOG.com

Related Stories

Recent Stories

« AOC Launches 75-Series Professional Monitors · GOG.com Adds 2-Step Authentication Login & HTTPS Everywhere · XBOX Granted 30-Day The Division Paid DLC Exclusivity »