GOG, the digital distribution service formerly known as Good Old Games, has warned users that it will be automatically enabling two-step login across all accounts on October 24th.
Like any service in which items of value are traded, GOG is the target of attackers ranging from those after a free game to more determined foes after stored payment details. The weakest link in the chain of such a service is, invariably, its users; accordingly, GOG is looking to shore up its defences by enabling a two-step login system as standard for all users.
A variant on the more secure two-factor authentication (2FA) system, which requires something you know (a passphrase) and something you have (typically a physical token or virtual token installed on a smartphone), GOG's two-step login works in a very simple manner: when a user logs in from an unrecognised device or network, he or she must supply a code which is automatically sent to the account's registered email. No code? No login.
It's a move which should help boost the security of the platform, but falls short of true 2FA: if a user is daft enough to share a common password between a GOG account and its registered email account, attackers can easily intercept the code and log in from anywhere. It is, however, better than nothing, and that's why GOG is making it the standard way to log in from October 24th.
For those who, for whatever reason, don't want two-step login enabled on their account, GOG is providing an opt-out
, while the system can be disabled at any time once active from the Account Settings screen.
More information on GOG's two-step login system is available from the official website