MajesticElevator@lemmy.zip
on 19 May 17:01
collapse
Their platform is really outdated. Can’t even edit or remove a game review without contacting support. It’s dumb. They’re losing precious time because of this
Do you consider Itch.io to be a viable platform ??
MajesticElevator@lemmy.zip
on 21 May 12:35
collapse
I don’t think it has cloud saving, easy wine/proton, API for achievements and shit… just overall unfit for “bigger games”. It has similar functionality to GOG’s offline downloads. I haven’t really used it so can’t say.
I probably won’t try it if they also take a huge cut from sales like 30% or somethingEDIT: They seem to let you choose whatever you want, and charge 10% by default (itch.io/docs/creators/payments#open-revenue-shari…). That’s neat! However, payment method fees always apply. You can opt into them collecting the money through their account at seemingly no fee, and won’t be exposed to chargebacks. That’s incredible!
Lootboblin@lemmy.world
on 23 May 08:51
nextcollapse
We can’t even edit the cookies section in their app or website and GOG is EU company btw, it’s bonkers!
MajesticElevator@lemmy.zip
on 23 May 10:22
collapse
It’s sad, because I’m sure they could fix all of this easily and get a lot of profit from GOG, but they prefer to spend their time elsewhere for some reason
MajesticElevator@lemmy.zip
on 23 May 10:21
collapse
Sonotsugipaa@lemmy.dbzer0.com
on 19 May 13:36
nextcollapse
What does GOG’s 2FA do that Steam’s 2FA doesn’t?
NuXCOM_90Percent@lemmy.zip
on 19 May 13:41
nextcollapse
At a glance (haven’t enabled yet, will later today), GoG uses the RFC standard TOTP model. This means you can use whatever app you want whether that is the google authenticator that ties it to your cloud account, something related to your password manager (e.g. keepass or bitwarden), or even just a python script you have in a random directory. It gives you control of your 2FA and protects you in the event you lose a device without properly de-authenticating it.
Valve use their own model that, to my knowledge, is only accessible through the Steam mobile app. Which is a huge nightmare if you ever have a device stolen/damaged (and is why you back up the recovery code)
Just enabled. Yup, bog standard TOTP and they even provide the plaintext key so that I don’t have to extract it from a QR code.
Teach a brother how? I swear I couldn’t find it anywhere in the account settings.
Sonotsugipaa@lemmy.dbzer0.com
on 19 May 16:30
collapse
I don’t quite remember how to get the TOTP secret from the Steam app (they could in fact take notes from GOG here), iirc you have to extract it from the Android app via adb;
but once you have it, if this GitHub comment is correct you simply have to set the code size to 5 digits.
If your phone has a rooted Android install, I found this guide.
I’m pretty sure it doesn’t but I’ll bite: How did you set that up?
Sonotsugipaa@lemmy.dbzer0.com
on 19 May 16:52
collapse
I don’t recall, I’ve set it up a few years ago - I’ve been trying to look for instructions for another comment, but it seems that they made it VERY difficult for people without rooted Android to obtain the TOTP secret.
Though it is RFC 6238 compliant, using 5 digits instead of 6.
Okay, let’s say there’s currently no native support for normal TOTP, mostly because Steam doesn’t give you access to your TOTP key.
Sonotsugipaa@lemmy.dbzer0.com
on 19 May 17:11
collapse
That much I can agree with at this point.
Actually, it’s arguably even worse - it’s not that Steam doesn’t support normal TOTP, it’s that Steam goes out of their way to prevent TOTP from being used without switching to an entirely new algorithm.
Could be worse. GOG’s approach is super annoying, and a lot of platforms (like fucking Apple) actually require the use of insecure and invasive SMS verification. And as far as I know Steam hasn’t been hit with any data breaches since 2011.
Sonotsugipaa@lemmy.dbzer0.com
on 19 May 17:31
collapse
require the use of insecure and invasive SMS verification
How did you manage? Thought steam 2fa was tied to steams app?
MangoPenguin@lemmy.blahaj.zone
on 21 May 13:05
collapse
How? I can’t get it to give me the TOTP key, it just asks me to download their stupid app.
AntiBullyRanger@ani.social
on 19 May 15:32
nextcollapse
2FA (Time-based One-Time Password) login
Gog, how are you even securing accounts?
You mean securing access to accounts through 3rd party TOTP, which again, isn’t sessioning access authenticatively. We already invented that.
baatliwala@lemmy.world
on 19 May 17:15
nextcollapse
About time
purplemonkeymad@programming.dev
on 19 May 17:17
nextcollapse
Thanks, and added.
Although it would have been nice if I could “upgrade” from email based 2step instead of having to disable it.
threaded - newest
FINALLY
Thanks, immediately went to set it up. No issues. Also works properly in combination with keepassxc’s TOTP feature.
It’s about time!
Thanks for this. Long overdue from GOG.
Their platform is really outdated. Can’t even edit or remove a game review without contacting support. It’s dumb. They’re losing precious time because of this
the store is a losing proposition right now from CDPR perspective. I am just happy to have a different place I can buy games that’s not steam
Any competition is good :)
They’ll need to put more effort into it. Make their APIs more open & maybe even fund Wine ?
Oh & DEFINITELY bring Galaxy 2.0 to linux, NATIVELY
I’d love that but don’t get your hopes up, they can only do one small change every few years. You’re asking them for at least 3 centuries of dev time
Do you consider Itch.io to be a viable platform ??
I don’t think it has cloud saving, easy wine/proton, API for achievements and shit… just overall unfit for “bigger games”. It has similar functionality to GOG’s offline downloads. I haven’t really used it so can’t say.
I probably won’t try it if they also take a huge cut from sales like 30% or somethingEDIT: They seem to let you choose whatever you want, and charge 10% by default (itch.io/docs/creators/payments#open-revenue-shari…). That’s neat! However, payment method fees always apply. You can opt into them collecting the money through their account at seemingly no fee, and won’t be exposed to chargebacks. That’s incredible!We can’t even edit the cookies section in their app or website and GOG is EU company btw, it’s bonkers!
It’s sad, because I’m sure they could fix all of this easily and get a lot of profit from GOG, but they prefer to spend their time elsewhere for some reason
EDIT: Not sure what I meant for “precious time”
Now when will Steam do this?
.
They do. Just not 3rd party.
What does GOG’s 2FA do that Steam’s 2FA doesn’t?
At a glance (haven’t enabled yet, will later today), GoG uses the RFC standard TOTP model. This means you can use whatever app you want whether that is the google authenticator that ties it to your cloud account, something related to your password manager (e.g. keepass or bitwarden), or even just a python script you have in a random directory. It gives you control of your 2FA and protects you in the event you lose a device without properly de-authenticating it.
Valve use their own model that, to my knowledge, is only accessible through the Steam mobile app. Which is a huge nightmare if you ever have a device stolen/damaged (and is why you back up the recovery code)
Just enabled. Yup, bog standard TOTP and they even provide the plaintext key so that I don’t have to extract it from a QR code.
Unless I’m missing something, Steam only does code to email 2FA, not an actual TOTP app
They have TOTP but only in their app.
So effectively, they don’t do what GOG is doing.
Not exactly, no
Steam works with a normal TOTP app for me, hell, it works with two normal TOTP apps for me
Teach a brother how? I swear I couldn’t find it anywhere in the account settings.
I don’t quite remember how to get the TOTP secret from the Steam app (they could in fact take notes from GOG here), iirc you have to extract it from the Android app via adb;
but once you have it, if this GitHub comment is correct you simply have to set the code size to 5 digits.
If your phone has a rooted Android install, I found this guide.
… I swear when I did it, it wasn’t this hard ._.
It
presumablyworks with a normal TOTP app.E: confirmed it works
Steam works with a normal TOTP app for me, hell, it works with two normal TOTP apps for me
I’m pretty sure it doesn’t but I’ll bite: How did you set that up?
I don’t recall, I’ve set it up a few years ago - I’ve been trying to look for instructions for another comment, but it seems that they made it VERY difficult for people without rooted Android to obtain the TOTP secret.
Though it is RFC 6238 compliant, using 5 digits instead of 6.
Okay, let’s say there’s currently no native support for normal TOTP, mostly because Steam doesn’t give you access to your TOTP key.
That much I can agree with at this point.
Actually, it’s arguably even worse - it’s not that Steam doesn’t support normal TOTP, it’s that Steam goes out of their way to prevent TOTP from being used without switching to an entirely new algorithm.
Could be worse. GOG’s approach is super annoying, and a lot of platforms (like fucking Apple) actually require the use of insecure and invasive SMS verification. And as far as I know Steam hasn’t been hit with any data breaches since 2011.
My honest reaction:
<img alt="" src="https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fmedia1.tenor.com%2Fm%2FAmff2ONSDWYAAAAC%2Fhelldivers-2-helldivers.gif&f=1&nofb=1&ipt=8dbf2ff30bb9aac4c1898e168f9f50516ab0e7434a0fe31a2ef6356df9df5378">
Idk why people think they cant add steam, i have it in my Aegis app.
How did you manage? Thought steam 2fa was tied to steams app?
How? I can’t get it to give me the TOTP key, it just asks me to download their stupid app.
Gog, how are you even securing accounts? You mean securing access to accounts through 3rd party TOTP, which again, isn’t sessioning access authenticatively. We already invented that.
About time
Thanks, and added.
Although it would have been nice if I could “upgrade” from email based 2step instead of having to disable it.
Does it still work with Heroic and Lutris?🤔