Greentext

A lot of games just came with a key printed on the user manual or the disk packaging, which was just an alphanumeric code the user entered during game install or on first launch and which was validated algorithmically (no "phone home" to check a database of installs).

Some games did required the disk to be inserted to play: the floppy, CD or DVD were mastered with strange characteristics that could only be there in mastered read-only media - this was especially easy in CDs and DVDs as the read-only ones were literally stamped - and could not be replicated in recorded media, so they worked like a physical key that allowed only one instance of the game to run at any one time. I would say this was a form of DRM, but non-intrusive since it didn't try to take over parts of the OS and only affected that game when it was running.

The era of highly intrusive DRM whose impact went beyond the game itself started in the 00s when the use of the Internet became widespread, i suppose partly because taking over the OS and blocking other programs is the cheap-ass solution for the problems of cheating in online games (the costly solution involves proper game server and systems architecture design and is more computationally demending on the server side) and online gaming was becoming big during that decade (for example, WOW is from 2004) and partly as a counter to how the Internet made it much easier to distribute first game keys and later game cracks so really all it took to subvert "game keys" or the physical-media-as-a-key was for somebody out there putting on the Internet the game key code they got when they bought the game or cracking the game and then posting that on the Internet and suddenly hundreds of thousands or millions of people could bypass the game "protections".

The stuff we see in Steam is basically a centralized online keycheck, so the kind of thing which became increasingly common in the early 00s, only this one is more intrusive because it will check the key EVERYTIME YOU LAUNCH THE GAME, whilst the original key checking (both the earlier algorithmic check and later the "phone home" online checking) only checked once, either during install or at first launch, so with the Steam version you have less freedom: in the old days, algorithmic key check meant games could be installed and run entirelly offline, plus you were able to install the game in more than one machine, whilst online validation did require online during install or first launch but never again after that so you could play offline forever from then onwards, whilst the Steam kind at best only lets you be offline for a certain time period and then requires online again to revalidate.

The stuff in GOG is mainly how it was way back in the 90s before even game keys or, at most (and only for a handful of games), you get a game key which is validated algorithmically on install or first start, thus online is never required and nothing restricts you from installing the game in more than one machine (which is absolutelly legit if they're all your machines and you only ever play the game in one of them at a time).