At a glance (haven’t enabled yet, will later today), GoG uses the RFC standard TOTP model. This means you can use whatever app you want whether that is the google authenticator that ties it to your cloud account, something related to your password manager (e.g. keepass or bitwarden), or even just a python script you have in a random directory. It gives you control of your 2FA and protects you in the event you lose a device without properly de-authenticating it.
Valve use their own model that, to my knowledge, is only accessible through the Steam mobile app. Which is a huge nightmare if you ever have a device stolen/damaged (and is why you back up the recovery code)
Just enabled. Yup, bog standard TOTP and they even provide the plaintext key so that I don’t have to extract it from a QR code.
I don’t quite remember how to get the TOTP secret from the Steam app (they could in fact take notes from GOG here), iirc you have to extract it from the Android app via adb;
but once you have it, if this GitHub comment is correct you simply have to set the code size to 5 digits.
If your phone has a rooted Android install, I found this guide.
Their platform is really outdated. Can’t even edit or remove a game review without contacting support. It’s dumb. They’re losing precious time because of this
I don’t think it has cloud saving, easy wine/proton, API for achievements and shit… just overall unfit for “bigger games”. It has similar functionality to GOG’s offline downloads. I haven’t really used it so can’t say.
I probably won’t try it if they also take a huge cut from sales like 30% or somethingEDIT: They seem to let you choose whatever you want, and charge 10% by default (https://itch.io/docs/creators/payments#open-revenue-sharing). That’s neat! However, payment method fees always apply. You can opt into them collecting the money through their account at seemingly no fee, and won’t be exposed to chargebacks. That’s incredible!
It’s sad, because I’m sure they could fix all of this easily and get a lot of profit from GOG, but they prefer to spend their time elsewhere for some reason
Gog, how are you even securing accounts?
You mean securing access to accounts through 3rd party TOTP, which again, isn’t sessioning access authenticatively. We already invented that.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]
Welcome to the largest gaming community on Lemmy! Discussion for all kinds of games. Video games, tabletop games, card games etc.
Rules
1. Submissions have to be related to games
Video games, tabletop, or otherwise. Posts not related to games will be deleted.
This community is focused on games, of all kinds. Any news item or discussion should be related to gaming in some way.
2. No bigotry or harassment, be civil
No bigotry, hardline stance. Try not to get too heated when entering into a discussion or debate.
We are here to talk and discuss about one of our passions, not fight or be exposed to hate. Posts or responses that are hateful will be deleted to keep the atmosphere good. If repeatedly violated, not only will the comment be deleted but a ban will be handed out as well. We judge each case individually.
3. No excessive self-promotion
Try to keep it to 10% self-promotion / 90% other stuff in your post history.
This is to prevent people from posting for the sole purpose of promoting their own website or social media account.
4. Stay on-topic; no memes, funny videos, giveaways, reposts, or low-effort posts
This community is mostly for discussion and news. Remember to search for the thing you’re submitting before posting to see if it’s already been posted.
We want to keep the quality of posts high. Therefore, memes, funny videos, low-effort posts and reposts are not allowed. We prohibit giveaways because we cannot be sure that the person holding the giveaway will actually do what they promise.
5. Mark Spoilers and NSFW
Make sure to mark your stuff or it may be removed.
No one wants to be spoiled. Therefore, always mark spoilers. Similarly mark NSFW, in case anyone is browsing in a public space or at work.
6. No linking to piracy
Don’t share it here, there are other places to find it. Discussion of piracy is fine.
We don’t want us moderators or the admins of lemmy.world to get in trouble for linking to piracy. Therefore, any link to piracy will be removed. Discussion of it is of course allowed.
Thanks, and added.
Although it would have been nice if I could “upgrade” from email based 2step instead of having to disable it.
FINALLY
Now when will Steam do this?
deleted by creator
They do. Just not 3rd party.
What does GOG’s 2FA do that Steam’s 2FA doesn’t?
At a glance (haven’t enabled yet, will later today), GoG uses the RFC standard TOTP model. This means you can use whatever app you want whether that is the google authenticator that ties it to your cloud account, something related to your password manager (e.g. keepass or bitwarden), or even just a python script you have in a random directory. It gives you control of your 2FA and protects you in the event you lose a device without properly de-authenticating it.
Valve use their own model that, to my knowledge, is only accessible through the Steam mobile app. Which is a huge nightmare if you ever have a device stolen/damaged (and is why you back up the recovery code)
Just enabled. Yup, bog standard TOTP and they even provide the plaintext key so that I don’t have to extract it from a QR code.
Unless I’m missing something, Steam only does code to email 2FA, not an actual TOTP app
Steam works with a normal TOTP app for me, hell, it works with two normal TOTP apps for me
Teach a brother how? I swear I couldn’t find it anywhere in the account settings.
I don’t quite remember how to get the TOTP secret from the Steam app (they could in fact take notes from GOG here), iirc you have to extract it from the Android app via adb;
but once you have it, if this GitHub comment is correct you simply have to set the code size to 5 digits.
If your phone has a rooted Android install, I found this guide.
… I swear when I did it, it wasn’t this hard ._.
Idk why people think they cant add steam, i have it in my Aegis app.
How did you manage? Thought steam 2fa was tied to steams app?
How? I can’t get it to give me the key, it just asks me to download their stupid app.
Thanks, immediately went to set it up. No issues. Also works properly in combination with keepassxc’s TOTP feature.
Thanks for this. Long overdue from GOG.
Their platform is really outdated. Can’t even edit or remove a game review without contacting support. It’s dumb. They’re losing precious time because of this
EDIT: Not sure what I meant for “precious time”
the store is a losing proposition right now from CDPR perspective. I am just happy to have a different place I can buy games that’s not steam
Any competition is good :)
They’ll need to put more effort into it. Make their APIs more open & maybe even fund Wine ?
Oh & DEFINITELY bring Galaxy 2.0 to linux, NATIVELY
I’d love that but don’t get your hopes up, they can only do one small change every few years. You’re asking them for at least 3 centuries of dev time
Do you consider Itch.io to be a viable platform ??
I don’t think it has cloud saving, easy wine/proton, API for achievements and shit… just overall unfit for “bigger games”. It has similar functionality to GOG’s offline downloads. I haven’t really used it so can’t say.
I probably won’t try it if they also take a huge cut from sales like 30% or somethingEDIT: They seem to let you choose whatever you want, and charge 10% by default (https://itch.io/docs/creators/payments#open-revenue-sharing). That’s neat! However, payment method fees always apply. You can opt into them collecting the money through their account at seemingly no fee, and won’t be exposed to chargebacks. That’s incredible!We can’t even edit the cookies section in their app or website and GOG is EU company btw, it’s bonkers!
It’s sad, because I’m sure they could fix all of this easily and get a lot of profit from GOG, but they prefer to spend their time elsewhere for some reason
It’s about time!
Does it still work with Heroic and Lutris?🤔
About time
Gog, how are you even securing accounts? You mean securing access to accounts through 3rd party TOTP, which again, isn’t sessioning access authenticatively. We already invented that.