How two-factor authentication works on ligaibc
Two-factor authentication on ligaibc uses one of two methods: an authenticator app or SMS codes sent to your phone. Here's the flow:
- You visit ligaibc.id and enter your email and password on the login page.
- Our system recognizes your credentials are correct and asks for your second factor.
- If you chose an authenticator app, you open the app on your phone, find the ligaibc entry, and copy the 6-digit code that appears. If you chose SMS, we send a code to your phone number, and you type it into the login form.
- You submit the code. If it's correct and hasn't expired (codes expire after 30 seconds), we log you in.
- You now have full access to your account—deposits, game play, and withdrawals.
The entire login process takes about 30 seconds longer than without 2FA. This small extra step greatly reduces the risk of account takeover, especially if your email password is weak or reused across many sites.
We support two authenticator apps: Google Authenticator (available on both iOS and Android) and Authy (also cross-platform). Both apps generate time-based codes independently, so they work offline—no internet required after initial setup. When you enable 2FA on ligaibc, we display a QR code. You scan this code with your authenticator app, and the app automatically adds ligaibc to your list of protected accounts.
Alternatively, you can choose SMS-based 2FA. We send a 6-digit code to your registered phone number each time you log in. SMS codes also expire after 30 seconds, and you can request a new code if you miss the window. SMS is convenient if you don't want to manage a separate app, but it requires an active phone signal or internet connection.
Enabling two-factor authentication on ligaibc
To enable 2FA on ligaibc, log into your account and navigate to Settings → Security → Two-Factor Authentication. The page displays options for authenticator app or SMS. Choose your preferred method:
- Authenticator app: We show a QR code and a manual setup key. Open Google Authenticator or Authy, scan the QR code, and confirm. The app displays a 6-digit code. Enter that code on our page to verify the app is correctly configured.
- SMS: Provide or confirm your phone number. We send a test code to your phone. Enter the code to verify your phone number is correct and reachable.
After you confirm your 2FA method, we show you a list of backup codes—typically 10 codes. Save these codes in a safe place (a password manager, a physical notebook, or a secure document). If you lose access to your authenticator app or phone, these backup codes let you log in and disable 2FA so you can regain full access to your account.
Once 2FA is enabled, every login requires your second factor. If you travel or switch phones during holidays like Idul Fitri or Idul Adha, you'll still be able to log in as long as you have your authenticator app installed on your new phone or your phone number is updated for SMS.
Backup codes are a safety net. If you lose your phone or switch devices, these codes ensure you can still access your account without waiting for support.
Two-factor authentication versus account security without 2FA
2FA Enabled
- Attacker needs password AND your phone
- Code expires in 30 seconds—time pressure
- Protects deposits and withdrawals
- Backup codes prevent lockout
Password Only
- Attacker needs password only
- No time pressure to intercept access
- Vulnerable to phishing and data breaches
- No second layer of protection
2FA is especially important if you make frequent deposits via DANA, e-wallet, mobile banking, local payment, or online payment Transfer, or if you withdraw winnings regularly. It also protects your gaming activity—no one can access your Aviator tournaments, slot leaderboards, or Liga 1 betting markets without your phone.
What to do if you lose access to your 2FA device
If you lose your phone, buy a new device, or stop using your authenticator app, you can still regain access using your backup codes.
If you have your backup codes: On the 2FA login screen, look for a "Use backup code instead" or "Can't access your authenticator?" link. Enter one of your backup codes. Each code can only be used once, and we mark it as spent after you use it. You'll then be logged in. Go to Settings → Security → Two-Factor Authentication and either disable 2FA temporarily or reconfigure it with your new device.
If you lost your backup codes too: Contact our support team. We ask you to verify your identity by providing your username, registered email, and recent deposit method (e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet, or mobile banking). We may also ask for a copy of your ID or bank statement to confirm you're the account owner. This process takes 4–8 business hours during weekday support windows (Monday–Friday, 08:00–18:00 Jakarta time). Once verified, our team disables 2FA on your account so you can log in with just your password and re-enable 2FA with your new device.
Backup codes are critical—save them now
When you enable 2FA on ligaibc, immediately save your backup codes in a password manager (like Bitwarden or 1Password) or write them on paper in a secure location. Losing both your phone and your backup codes complicates account recovery.
2FA and account recovery on ligaibc
If you forget your password, you can reset it via the "Forgot Password?" link on the login page. We send a password reset email to your registered email address. Once you reset your password, you can log in using that new password—2FA still applies, so you'll still need your authenticator code or SMS code.
If someone gains access to your email account and changes your ligaibc password, 2FA still protects you. They would need your phone to generate the 2FA code, which they don't have. In this scenario, contact our support team immediately. We can verify your identity and recover your account by temporarily disabling 2FA, resetting your password, and helping you re-secure your account.
2FA also integrates with our withdrawal process. When you request a withdrawal to your local payment, online payment, e-wallet, mobile banking, or local payment account, we confirm your identity twice: once at login (with 2FA) and again during the withdrawal itself. This dual check ensures only you can move funds out of your account.
2FA best practices on ligaibc
To maximize the security of your ligaibc account:
- Use an authenticator app over SMS: Authenticator apps (Google Authenticator, Authy) are more secure than SMS, which can be intercepted or redirected by attackers. Apps work offline and don't rely on your carrier's network.
- Save backup codes immediately: After enabling 2FA, save your backup codes in a password manager or a secure, offline location. Don't store them on your computer desktop or in a plain email.
- Keep your phone secure: Use a strong lock screen password on your phone. If your phone is lost or stolen, thieves could bypass 2FA if they can unlock your device.
- Update your 2FA if you change phones: When you upgrade to a new phone, install your authenticator app on the new device and scan the QR code in your ligaibc account settings. This ensures your new phone generates codes that match our system.
- Don't share your 2FA codes: Never give anyone your 6-digit code, backup codes, or QR code. ligaibc support will never ask for these.
If you suspect your account has been compromised—for example, if you see unfamiliar deposits or withdrawals—change your password immediately and contact our support team. We can review your account activity and help you secure it.