Back in March, following the lead of Steam, Battle.net, and a great many other services, GOG incorporated a two-step login system to help keep its users' accounts from falling into the hands of unscrupulous jerks. Basically, anytime something "unusual" happens, like connecting from a new browser or location, GOG will send an email to confirm that you are who you claim to be—or notify you that a jerk is dicking around with your stuff, as the case may be.
"Two-step login is optional, but we really recommend it," GOG said at the time. "When used to its full potential with unique passwords for every account, two-step login can be virtually impenetrable."
But it looks like we weren't getting the hint that, as with so many things in life, "really recommend it" is code for "do it or have it done to you." GOG announced today that, while two-step logins remain optional, it will be automatically enabled on all current accounts, unless you opt out, on October 24. The first time you log in after that date (and on subsequent "unusual" logins), you'll be sent an email with a unique code while you'll have to enter in order to proceed. "If you're using GOG most from home or work, you should only be required to use the two-step code very rarely," it said.
Two-step logins can be disabled via this link prior to October 24, and through your account settings after, although GOG strongly discourages you from doing so. And so do I: I grumble every time Valve makes me reach for my phone to grab a code from the Steam authenticator (which, to be fair, really only happens when I'm throwing away money on Steam cards) but it's a whole lot less annoying than waking up to discover that I've been locked out of my games (and my cards!) by some unscrupulous jerk.