tarung in your Account — in Start.
tarung Two-Factor Authentication – Piala AFF Markets & Mandiri Banking
We secure your tarung account with two-factor authentication (2FA), a verification layer that protects your credentials and funds across Liga 1 markets, live-dealer tables, and payment withdrawals via e-wallet, mobile banking, or local payment.
Open an account
Two-Factor Authentication
- Category
- Live Table / Card
- RTP
- medium
- high
Two-factor authentication is our standard safeguard for account login and sensitive actions—password reset, deposit confirmation, or withdrawal approval. When you enable 2FA on tarung, you pair your account with a second verification method (SMS, authenticator app, or email code) that must be entered after your username and password. This dual-step flow blocks unauthorized access even if someone obtains your login credentials.
Why tarung requires two-factor authentication
Account takeover remains a top risk in online gaming and sportsbook platforms. Attackers use leaked passwords or phishing emails to gain access to user accounts, drain balances, or lock legitimate owners out. We combat this by requiring 2FA as a foundational security layer across tarung. Once enabled, a password alone cannot unlock your account—an attacker would also need possession of your second factor (your phone, your email inbox, or your authenticator app).
This is especially critical during high-activity periods—Idul Fitri holidays, Liga 1 finals, or Champions League knockout stages—when trading volume peaks and phishing campaigns intensify. Our support team routinely sees account-compromise attempts during tournament windows. 2FA stops the majority of these before they reach your funds.
How tarung 2FA works – three verification methods
We offer three 2FA methods on tarung, each with its own setup flow and recovery pathway:
-
SMS-based 2FA
We send a six-digit code to your registered mobile number. You enter this code on the login screen within ten minutes. SMS 2FA is the simplest to set up—we store your phone number during account registration—and works on any phone type.
-
Authenticator app (time-based one-time password)
Apps like Google Authenticator, Microsoft Authenticator, or Authy generate a fresh six-digit code every 30 seconds tied to your tarung account. You do not rely on SMS or internet delivery—the code is generated locally on your device. This method is considered more secure because it does not depend on telecom infrastructure.
-
Email-based 2FA
We send a verification link or code to your registered email address. You click the link or paste the code to confirm your identity. Email 2FA suits users who prefer not to expose their phone number or who operate in regions where SMS delivery is unreliable.
You choose one primary method during setup, but we also encourage you to register a backup method (for example, SMS as primary and email as secondary). If your primary method fails—your phone is lost, your email is inaccessible—you can fall back to the secondary method or use recovery codes we generate during 2FA setup. Recovery codes are one-time passwords you store in a safe location; they bypass 2FA if you lose access to both primary and secondary channels.
We never store your recovery codes on our servers. You alone hold them. This design ensures that even if our database is compromised, an attacker cannot use recovery codes to access your account—only you possess them. During 2FA configuration on tarung, we display these codes once; you must screenshot them or print them and store them offline.
When tarung triggers 2FA during your session
We do not ask for 2FA every time you click a bet slip or view market odds. Instead, we activate 2FA at specific checkpoints where account security is most critical:
- Initial loginEvery time you sign into tarung from a new device or after your session expires, you enter your password and then your 2FA code.
- Withdrawal requestsBefore we process any withdrawal to DANA, e-wallet, mobile banking, local payment, online payment, or another payment method, we ask for your 2FA code. This prevents unauthorized fund transfers even if someone gains temporary access to your account.
- Password or email changesIf you request a password reset or update your registered email, we require 2FA confirmation to prevent attackers from locking you out.
- Sensitive profile editsChanges to your legal name, address, or banking details trigger 2FA as a precaution.
- Large or unusual depositsIf you fund your account with an uncommonly large amount or from a new payment method during a short window, we may ask for 2FA to verify it was you.
Device trust and code reuse
Once you log in successfully with 2FA on a device, we remember that device for 30 days. You will not be asked for 2FA again on that device during that window—unless you clear your browser cookies or you request a full logout. This balance lets you enjoy seamless access to tarung (checking Liga 1 odds, playing live blackjack) while maintaining security for new devices.
Setting up 2FA on your tarung account
Configuring 2FA takes fewer than five minutes. Log into your tarung account, navigate to Account Settings → Securityand select your preferred method:
-
Select your 2FA method
Choose SMS, authenticator app, or email. We display a e-walletef description of each and why we recommend the method you haven't yet used.
-
Verify your identity
We send a preliminary code to your phone (SMS) or email to confirm you control that device or inbox. You enter the code to proceed.
-
Add backup method (optional)
We recommend registering a secondary 2FA method. If your primary method becomes unavailable, you can still access your account and withdraw funds during tournaments like Piala AFF or Champions League.
-
Generate and save recovery codes
We display ten one-time recovery codes. Copy or print them and store them somewhere safe—your password manager, a locked drawer, a safety deposit box. These codes are your final fallback if both primary and secondary methods are unavailable.
2FA during high-volume trading windows
During major events—Liga 1 derby matches, Idul Fitri holiday gambling peaks, Champions League finals—market volatility and user activity surge. Our 2FA system is built to handle this load without delays. Even as thousands of users log in or request withdrawals across tarung, our authentication servers process your 2FA codes within milliseconds. You will not face delays in confirming your identity or accessing your bets.
However, if you use SMS 2FA in a region where telecom networks are congested during Idul Adha or Imlek holidays, SMS delivery may take a few extra seconds. For this reason, we recommend activating an authenticator app as a backup during peak seasons. Authenticator codes do not depend on telecom infrastructure and work instantly regardless of network load.
Key takeaways
- Enable 2FA in your tarung account settings to add a second verification layer beyond your password.
- Choose from SMS, authenticator app, or email; we recommend authenticator app for speed and reliability.
- 2FA is required for login, withdrawal, and account changes—not for every action on tarung.
- Save your recovery codes in a secure offline location; they are your final fallback if you lose access to your primary and secondary methods.
- Device trust means you will not re-enter 2FA on the same device for 30 days after a successful login.
Troubleshooting 2FA on tarung
If you cannot receive SMS codes, check that your registered phone number is correct in your tarung profile. If the number has changed, update it under Account Settings → Personal Info and request a re-verification. We will send a code to your new number to confirm the change.
If you use an authenticator app and your codes are not syncing with our servers, your device's clock may be out of sync. Authenticator apps rely on precise time to generate codes. Check that your phone's date and time are set to automatic synchronization. On Android and iOS, this is usually found under Settings → Date & TimeToggle on "Set automatically" or "Use network-provided time."
If you lose access to your authenticator app—your phone is stolen or the app crashes—use your backup method (SMS or email) to log in, then disable the broken authenticator and re-enable 2FA with a working method. If both primary and backup methods are inaccessible, use one of your recovery codes. You will be prompted for recovery code on the 2FA entry screen after you enter your password.
If all methods fail—no recovery codes, backup method unavailable, no phone access—contact our support team at your earliest convenience. Our team will verify your identity using account information (legal name, registered email, recent withdrawal history) and help you regain access to your tarung account. This process may take a few hours during peak trading windows (Liga 1 matchdays, Champions League nights), but we prioritize account recovery to ensure you do not miss critical markets or deposit/withdrawal windows.
2FA and payment security on tarung
Your 2FA code protects your tarung account, but it does not encrypt your payment details (credit card, bank account, mobile banking handle) stored in our system. We use industry-standard encryption (TLS 1.3) to transmit payment data and store payment tokens in PCI-compliant vaults separate from user passwords. When you withdraw to local payment, online payment, e-wallet, or mobile banking, the withdrawal itself does not expose your bank account number—we use tokenized references that our payment partners recognize.
However, 2FA is your first line of defense against unauthorized withdrawals. Even if an attacker somehow obtains your payment token, they still cannot initiate a withdrawal without your 2FA code. This layered approach means your funds on tarung are protected by both account-level security (password + 2FA) and payment-level security (PCI encryption + payment tokens).
When you request a withdrawal to local payment, online payment, e-wallet, or another bank, we ask for your 2FA code before processing. This step is non-negotiable. Our system will not route funds to your bank account without your explicit verification via the second factor. Once confirmed, your withdrawal enters our processing queue and is typically sent to your bank within one business day, subject to bank-side delays.
We never store your 2FA code. It is verified in real-time against our authentication server and then discarded. This means no one—not our staff, not third-party vendors—can retrieve or reuse your code. Each code is single-use and time-limited (typically valid for subject to verification on SMS / email, or tied to the 30-second refresh window for authenticator apps).
Compliance and data privacy with 2FA
We implement 2FA as part of our account verification and anti-fraud procedures. When you enable 2FA, you are opting into enhanced security at your own discretion. We do not mandate 2FA for all users—it is optional but highly recommended. However, we do require 2FA for users in high-risk categories (large account balances, frequent high-value withdrawals, or accounts flagged during routine security reviews).
Your 2FA credentials are protected under our standard data-privacy framework. We store phone numbers, email addresses, and authenticator app secrets (only hashed checksums, not the actual seed) in encrypted form on servers with limited access. We do not sell or share these details with third parties. Authenticator app seeds are encrypted and deleted if you disable 2FA. Phone numbers and emails are retained for account recovery purposes but are covered by our data-retention policy (detailed in our Privacy Policy at tarung Privacy Policy).
Our 2FA system is available only in jurisdictions where our services are legally permitted. If you are accessing tarung from a region where online gaming is prohibited, you will not be able to enable 2FA or use your account. Our geolocation checks happen before account setup, so this restriction applies at registration, not after 2FA configuration.