GOG have added a couple of new security features to their website as of today. One of these is two-factor authentication, a technology of which I am a huge proponent:

Two-step login is an extra layer of protection for your GOG.com account. Every once in a while, we’ll ask you to verify your identity with a 4-character security code sent to your email. Simple stuff.

Two-step login is optional, but we really recommend it. It’s designed to bug you only when we notice something unusual — like logging in from a new browser or location. By doing this, we make sure that there’s no way to gain unauthorized access to your GOG.com account without both your GOG password and your email account. When used to its full potential with unique passwords for every account, two-step login can be virtually impenetrable.

To enable two-step login, simply head to your Login & Security settings, verify your email address, and enjoy the extra peace of mind. For more information, check out the FAQ.

Additionally, you can now end all of your active GOG.com sessions in one click — this includes every device or browser you ever logged in through. It’s a handy feature if you’ve recently used a public computer, or if you simply want to be sure no device is still logged in to your account.

I’ve already gone and enabled two-factor on my own GOG account, and I’d encourage you to do the same. GOG’s implementation isn’t the most elegant; they email you the login code, rather than allow for the use of a mobile authenticator app. In my experience, this can make for a bit of a slowdown in the login process; emails can sometimes take a few minutes to arrive (I’m looking at you, Star Wars: The Old Republic). Still, it’s a welcome layer of additional security for your account, especially if you have stored any sort of financial information with GOG.

Additionally, GOG have also begun the process of transitioning their entire site — not just certain areas of it — to HTTPS:

GOG Galaxy has already supported HTTPS everywhere for some time, and now we’re beginning to roll it out globally. That means HTTPS support for every connection between you and GOG.com — all secured with industry-standard encryption. Every bit (and byte) of data that travels between you, us, and everyone on GOG.com will be encrypted, including the store, forum, chat, downloads and even all of GOG Galaxy. It truly is HTTPS everywhere.

I’d also recommend the use of GOG Galaxy, by the way. It’s GOG’s version of Steam, and…well, if you think about the differences that are apparent between GOG and Steam already, the Galaxy client is different from the Steam client in essentially the same ways. And that’s a good thing.