GOG is such an extremely low priority target, I don't think they even register as a possibility.

On top of that the only thing they could possibly steal is the pass word which might be the same as for your email, but considering the possibility that everything is even remotely coded and the level of computer sawy of most users here, the chances of gaining anything meaningful are near nil.

Oh, and a small clarification.

I'm not saying that a 2nd layer of security during login is bad and/or unwanted. I'm saying that at the current time, GOG doesn't have anything worthwhile to need a better protection. Should there be any monetary value to a GOG account, I will also advocate for an extra security layer. But so far, it's not needed.

HB uses Authy as I said, it is optional so they don't really ask you to activate it (It's in Account Settings). Origin uses a similar system to that of Steam Guard, where they send you a temporary unlock code via email to trust the computer from which you are logging in.

Well this is my favorite statement in this thread.

It has your games which you paid money for. That's good enough for a reason to add more security. And speaking of e-Wallets, it would be quite handy if GOG.com has one!

I try my best.

This^

My games also reside on a disk next to me, and as mentioned before, access to them would be returned in a few days. As for the hijacker, he would get access to games one can find in less than 5 minutes of searching.
So no, I still don't find said protection worth giving a phone number for.

Now to see what authy is.

Edit: Ah, additional application that requires more info. Nah, I still prefer Blizzard's Authenticator as a second layer, since it only requires the authenticator and nothing else.

A very good practice in terms of security is storing as few customer data as possible and I think GOG is doing a good job in this case (e.g. by refraining from storing payment data).

Where there is no data, there's nothing to steal. Storing a mobile number for a second layer of security on the other hand rises more security issues than it solves in my opinion. While this second layer is mandatory for highly sensible transactions like online banking, it's definitely not necessary for every simple website account. On the contrary, you loose security for important cases if you use it everywhere. Why is that? Because, if you want to intercept a bank transaction involving a second layer like a mobile phone, you have to plant malware on both, the PC and the mobile phone. For an easy start, you need tons of corresponding contact data, that is email addresses and mobile phone numbers. Every once in a while a company gets hacked and leaks customer data (there are lots of examples every year). They always store email addresses, but if they also store mobile phone numbers, the stolen data becomes much more valuable, let alone you add credit card numbers.

Somebody who steals or buys stolen data has now every contact information he needs to start an attack (e.g. by tricking the victim into opening links in emails or offering "updates" for the smart phone).
You might have added security to the login to GOG, but in the long run you weaken security by distributing your personal data, in this case your phone number. I'd also advise to delete phone numbers from every other web service, where preventing account intrusion isn't absolute crucial.

It's much more important to use A) long cryptic passwords and B) different passwords for every account, to be on the safe side.

Exactly so I'm against this. Adding a second layer of protection to GOG.com accounts would only make things more of a pain in the ass for everyone. And if someone is the kind of person that finds it okay to break into someone's account for free games then obviously, he or she has no problem with pirating games. And a person always chooses the easy path and it's a lot easier to pirate games than break into someone's GOG account... The worst thing, a person could do after breaking into someone account is post messages that would result in negative consequences for the owner of the account. For example, post something 99.9% of GOGers find disgusting or evil so the owner of the account loses 1000000000 rep. But other than that, they can only just re arrange your GOG shelf and download GOGs after breaking into an account.

Fuck me sideways and call me Sally, People are agreeing with me when i'm sober.

Who are you folk and what did you do with the forum?

What a truly horrifying prospect.

You: "Can you please remove VR Soccer from my account? It was put there by hackers."

GOG Support: "No, we won't. Maybe that'll teach you to be more careful with your account and passwords. In fact, here, we add Daikatana as well. Let that be a lesson to you."

Alrighty then, majority wins. I wasn't actually complaining about the existing security here. Just requesting more account protection as a feature since some digital game vendors use it, and it brings a peace of mind to people like me who worry too much!

EDIT: On a side note I am laughing over the VR Soccer joke! It's especially funny when I have it hidden from view...

If someone is determined to hack you even 10 layers of protection won't stop em, but this guys generally don't do or care about it couse it's probably childs play for em.

No offence, but for someone who worries this much about security, you don't seem to mind handing out personal info to sites and companies.