We may earn a commission when you buy through links in our articles. Learn more.

GOG adds optional two-step authentication and enables HTTPS site wide


GOG.com has added an optional extra layer of protection for GOG accounts. If you decide to opt in, the digital distributor now supports two-step logins, making it less likely someone will have a spending spree on your bank card.

Celebrate the good news by playing through our picks of PC’s best indie games.

Additionally, in the coming weeks, GOG will also be making all communication encrypted by default with HTTPS everywhere.

Two-step login will periodically ask you to verify your identity with a 4-character pin sent to your email, much like Steam’s emailed codes when you login on a new device.

“Two-step login is optional, but we really recommend it,” explains the official announcement. “It’s designed to bug you only when we notice something unusual – like logging in from a new browser or location. By doing this, we make sure that there’s no way to gain unauthorized access to your GOG.com account without both your GOG password and your email account. When used to its full potential with unique passwords for every account, two-step login can be virtually impenetrable.”

If you want to enable two-step logins you just need to head to Login & Security settings and verify your email address.

Additionally, you can now end all of your active GOG.com sessions in one click, including every device or browser you’ve ever logged in through.

As for the encryption, let GOG explain: “GOG Galaxy has already supported HTTPS everywhere for some time, and now we’re beginning to roll it out globally. That means HTTPS support for every connection between you and GOG.com – all secured with industry-standard encryption. Every bit (and byte) of data that travels between you, us, and everyone on GOG.com will be encrypted, including the store, forum, chat, downloads and even all of GOG Galaxy. It truly is HTTPS everywhere.”