Classic and indie games download service GOG.com gets more secure as of today: the powers that be have added an optional two-step login, much like what Steam has employed for years now.
As with Steam, it will prompt you to enter a code sent to your email when you attempt to login from a new browser or location, thus hacking into your account becomes that much more difficult. Additionally, you can clear all of your active GOG sessions across every device and browser to ensure nobody but you has access.
Taking it further, the HTTPS encryption supported by the GOG Galaxy client for awhile now is going to extend across the entire service: the store, forum, chat, downloads, and all of Galaxy. A slow rollout has already begun, and will be complete within the coming weeks.