How ratu365 Two-Factor Authentication Works
Two-factor authentication relies on "something you have" (your phone) plus "something you know" (your password). When you enable 2FA in your ratu365 account settings, we register your phone number in our system. From that point forward, every login attempt on an unfamiliar device triggers an SMS delivery to that number. You receive a code, enter it into our login form within five minutes, and gain account access. If you do not enter the code within five minutes, the code expires and you must request a new one.
We also require 2FA for sensitive operations like changing your password, updating your registered email, or initiating withdrawals above a certain threshold. This multi-layered approach ensures that even if someone obtains your password, they cannot access your account or move your funds without physical possession of your phone.
On your trusted devices, you can elect to skip 2FA for 30 days by checking a "Trust this device" checkbox during login. This convenience feature reduces friction for frequent players while maintaining security for casual or new-device access. Your trusted-device list appears in your account settings, and you can manually revoke trust at any time.
Enabling 2FA on Android APK
Open ratu365 on your Android device by launching our APK app. Log in with your email and password. Tap Account or Settings (depending on your app version), then locate the Security section. Tap "Enable Two-Factor Authentication." We display your registered phone number and prompt you to confirm it. If the number is incorrect, update it before proceeding. Once confirmed, we send an SMS code to verify the number. Enter the code in our form to activate 2FA. Your app displays a success message and generates a backup code—save this code somewhere safe in case you lose access to your phone.
The APK remembers your trusted-device status across app restarts, so once you verify 2FA on your phone, future logins on that same device will not require a code unless you clear the app cache or 30 days pass. You can revoke trust manually in your account settings at any time.
Enabling 2FA on iOS Browser
Open Safari (or your preferred browser) on your iPhone or iPad and navigate to ratu365.id. Log in with your credentials. Tap your account avatar or menu button, select Account Settings, and scroll to Security. Tap "Set Up Two-Factor Authentication." Confirm your phone number matches the registration, and we send an SMS code. Enter the code to activate 2FA. The browser saves your trusted-device status, so future logins on Safari from the same device will not require a code until 30 days elapse or you manually revoke trust.
Login Flow with 2FA Enabled
When you log in on a new device after enabling 2FA, our system detects the unfamiliar access point and sends an SMS code to your registered phone. You enter your email and password, and our form prompts you for the code. Once you enter the correct code, you gain account access. This verification step applies to logins from new IP addresses, new browsers, or after eight hours of inactivity.
If you do not receive the code within two minutes, check your phone's SMS inbox and spam folder. If nothing appears, tap "Resend Code" in our login form. We send a new code immediately. The entire process typically takes less than two minutes.
2FA During Withdrawal Requests
When you request a withdrawal above a designated threshold (typically large amounts), ratu365 requires 2FA verification even if you are already logged in on a trusted device. This protects your funds by ensuring that anyone initiating a withdrawal has physical access to your phone. Our withdrawal form displays a field asking for your 2FA code. We send an SMS, and you enter the code to confirm the withdrawal. Only after verification do we process your request.
This step is mandatory for security and cannot be bypassed. If you do not have your phone during a withdrawal attempt, you cannot complete the transaction. You can retry later when your phone is accessible.
Two-factor authentication is not perfect—it adds friction to login—but it stops the majority of account takeovers because attackers rarely have your phone.
Recovery: Lost Phone and Backup Codes
If you lose or replace your phone, you cannot receive SMS codes, which blocks you from logging in or withdrawing. We provide backup codes during 2FA setup—each backup code can be used once instead of an SMS code. Store these codes securely (not on your new phone until you've accessed your account). If you've lost your backup codes and cannot access your account, contact our support team via email. We verify your identity using KYC documents and account details, then reset 2FA on your account so you can log in with your new phone number.
Account recovery via support can take up to 24 hours, so we strongly recommend storing your backup codes in a safe place, such as a password manager or physical document locked in your home.
- SMS delivery
- We send 2FA codes via SMS to the phone number you registered during account setup. Delivery typically occurs within seconds, but network delays can extend this to two minutes during peak times.
- Code expiry
- 2FA codes expire after five minutes. If you do not enter the code within this window, tap "Resend Code" to receive a new one. Old codes do not work after expiry.
- Backup codes
- We generate ten single-use backup codes during 2FA setup. Each replaces an SMS code if you lose phone access. Once used, a backup code cannot be reused.
- Trusted devices
- After successful 2FA verification, you can opt to trust a device for 30 days. Future logins on that device skip 2FA unless you manually revoke trust or the 30-day window closes.
2FA Across Payment Methods and Withdrawal Processing
Whether you withdraw to DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, or a bank account (mobile banking, local payment, online payment, e-wallet), 2FA applies equally. Our withdrawal form requires 2FA verification regardless of payment method or amount. This ensures consistent security across all transaction types. Users in Jakarta, Surabaya, Bandung, and Medan all follow the same 2FA protocol during account login and fund transfers.
We do not bypass 2FA during holidays like Idul Fitri, Idul Adha, or Imlek—security standards remain unchanged year-round. Plan your withdrawals knowing that you will need access to your phone to complete the process.
2FA Advantages
- Stops password-only account takeovers
- SMS-based, no app installation required
- Optional for regular logins, mandatory for withdrawals
- Backup codes provide recovery if phone is lost
2FA Limitations
- Requires active phone access for every login on new devices
- SMS can be delayed during network congestion
- Phone loss locks you out until identity verification
- SMS interception is theoretically possible (rare)
Data Handling and SMS Privacy
We only store your phone number in encrypted form and use it solely for 2FA delivery. We do not sell or share your number with third parties. Our SMS provider handles message transmission under confidentiality agreements. Your 2FA SMS contains only your verification code and does not include sensitive account details like balance or bet history.
We log all 2FA attempts (successful and failed) for security auditing. If you see unexpected 2FA requests or login attempts, this log allows us to investigate and help you secure your account. You can review your recent login history in your Account Settings under Security.
Security Confidence
Users rate 2FA for effective account protection and peace of mind.
