BPL and IPL aksara88 Community.

aksara88 Two-Factor Authentication & Account Security

Two-factor authentication (2FA) is our account-security layer that asks you to verify your identity in two steps: your password, then a second factor sent to your phone or email. On aksara88, we enable 2FA to protect your deposit methods (DANA, e-wallet, mobile banking, local payment, online payment, and bank transfers via e-wallet or mobile banking virtual accounts), your gaming activity across slots and live tables, and your withdrawal requests. This guide walks you through enabling 2FA, managing your recovery codes, and what to do if you lose access to your second-factor device.

Open an account

Two-Factor Authentication

Brand

Category

Live Table / Card

RTP

high

high

We recommend activating 2FA before your first deposit, especially if you plan to play slot tournaments (Aviator, Sweet Bonanza, Fortune Tiger) or access our live-dealer tables. The setup takes three minutes and requires a smartphone or email account. Once active, 2FA remains in place across all your logins, whether you play on desktop or mobile.

Setting Up Two-Factor Authentication

Enabling 2FA on aksara88 involves four steps. First, log into your account dashboard and navigate to Settings → Security. You'll see a "Two-Factor Authentication" toggle. Click "Enable" and choose your second-factor method: we support SMS to your mobile number or authenticator apps (Google Authenticator, Microsoft Authenticator, Authy). If you choose SMS, we'll send a code to the number you registered during account opening. If you choose an authenticator app, we'll display a QR code that you scan with your phone.

Once you select your method, we'll ask you to verify with a test code. If you're using SMS, wait for the text message and enter the 6-digit code. If you're using an app, open the app on your phone and enter the code it shows. After successful verification, we'll display a list of 10 backup codes. Write these down or screenshot them—these are your recovery path if you lose access to your phone or email.

After you activate 2FA, every future login will ask for a second code. We'll send the SMS code immediately after you enter your password, or you'll pull the code from your authenticator app. The code expires after 30 seconds, so have your phone ready when you log in. Once you've logged in with 2FA enabled, your session remains active for up to 24 hours—you won't need to re-verify on every page.

Second-Factor Methods and Security

We offer two second-factor types on aksara88, and each has different security and recovery profiles. SMS is the simpler option: after you log in with your password, we send a 6-digit code to your mobile number. You enter the code and gain access. SMS is fast and requires no app download, but it depends on your mobile provider—if you lose your SIM card or change numbers, you'll need your backup codes to regain access. We rotate the SMS codes every 30 seconds, so each code works only once.

Authenticator apps (Google Authenticator, Microsoft Authenticator, Authy) are more secure because the code lives only on your phone, not on our servers or your phone provider's network. When you enable an authenticator app, we give you a QR code to scan, and your app then generates a new 6-digit code every 30 seconds. The app works offline—you don't need mobile signal to generate the code. If you switch phones, you'll need your backup codes to regain access, or you'll need to contact our support team.

Which Method Should You Choose?

Choose SMS if you want the simplest setup and you trust your mobile provider's SIM security. Choose an authenticator app if you want the strongest second-factor protection and you have a spare phone or cloud backup configured. Most of our players use authenticator apps because they work even if your phone loses signal, and a lost phone is less likely to be intercepted than an SMS code.

We recommend authenticator apps especially if you're withdrawing funds via DANA, e-wallet, mobile banking, or local payment, or if you're playing in our Liga 1 and Piala AFF sportsbook markets. The higher security baseline protects your payment methods.

Recovery Codes and Account Recovery

When you enable 2FA, we generate 10 single-use backup codes. Each code can recover your account if you lose access to your second-factor device. Store them offline—in a password manager, a locked drawer, or printed on paper. If you lose your phone and your backup codes, you can still recover your account by contacting our support team with valid KYC documents (identity card, proof of address). Recovery by KYC verification typically takes 2–3 business days. If you have a backup code, recovery is instant: enter your backup code in place of the 2FA code on the login screen, and you'll regain access.

Backup codes are one-time use. Once you use a code, we mark it as spent and remove it from your account. We recommend regenerating your 10 backup codes every time you rotate your second-factor method (for example, if you switch from SMS to an authenticator app, or from one authenticator app to another). To regenerate, go to Settings → Security → Two-Factor Authentication → Regenerate backup codes. Your old codes will stop working immediately.

2FA and Your Withdrawal Process

2FA works alongside our withdrawal review process. When you request a withdrawal to online payment, e-wallet, mobile banking, local payment, or your bank account (via online payment, e-wallet, mobile banking, or local payment virtual accounts), we ask you to confirm the withdrawal with a second 2FA code. This ensures that even if someone gains access to your password, they cannot move your balance without also having your phone or authenticator app. Withdrawals are then reviewed by our compliance team before your funds leave aksara88. During the review window, your withdrawal status shows as "pending" in your account history. We notify you via email once the withdrawal clears.

If you have 2FA enabled and you attempt a withdrawal, the flow is: (1) you request withdrawal and specify the payment method; (2) we ask for a 2FA code as confirmation; (3) you enter the code; (4) your withdrawal enters our review queue. Only after review do we send the funds to your bank or e-wallet. This layered approach—2FA confirmation plus internal review—means your withdrawal is protected at two checkpoints.

Disabling 2FA and Account Security Trade-offs

You can disable 2FA at any time by going to Settings → Security and toggling the 2FA switch off. We'll ask you to confirm with your current 2FA code before we allow the disable. Once disabled, your account will only require a password for login—no second factor. We strongly advise against disabling 2FA if you've made deposits or registered payment methods. Accounts without 2FA are vulnerable to password-theft attacks, phishing, and unauthorized access.

If you play regularly on aksara88 slots (Aviator, Sweet Bonanza, Gates of Olympus, Fortune Tiger, Mahjong Ways), participate in our daily and weekly tournaments, or access our live-dealer tables, keeping 2FA enabled protects your balance and your tournament winnings. Disabling 2FA should only be a temporary step during account recovery—re-enable it as soon as you regain access.

Troubleshooting 2FA Issues

If your 2FA code is rejected, first check the code's timestamp. Codes expire every 30 seconds, so if you wait more than a few seconds after the code appears, it may have rotated. Try generating a new code from your authenticator app or requesting a fresh SMS code. If the code is fresh and still rejected, your device time may be out of sync. On most phones, sync time automatically, but you can also manually check: open Settings → Date & Time and ensure the time matches your system clock. Authenticator apps depend on accurate device time.

If you're locked out (you've lost your phone, forgot which authenticator app you used, or lost all backup codes), contact our support team with details of your situation. We operate support in multiple languages during business hours. We'll verify your identity using your KYC documents and account history, then we can temporarily disable 2FA, let you log in, and reset it with a new second-factor method. This process typically takes 2–3 business days. Have your identity card and account email address ready when you reach out.