How Two-Factor Authentication Protects Your Account
Authentication is the process of proving you are who you say you are. With a password alone, anyone who obtains that password can log in. With 2FA, logging in requires two separate proofs: something you know (your password) and something you have or do (a code from your phone, an email confirmation, or a biometric).
On ong368, we use 2FA at two key moments: when you first log in, and when you request a withdrawal. If someone gains access to your password through a data breach or a phishing email, 2FA stops them from withdrawing money or changing your account details.
Our 2FA system is built into the same login page where you enter your username and password. After you submit your credentials, the next screen asks for your second factor. The process takes less than a minute if you have your phone nearby.
We support three 2FA methods on ong368: SMS-based codes sent to your registered phone number, time-based codes from an authenticator app (like Google Authenticator), and email confirmation links. You can choose the method that fits your device and preference.
SMS-Based Codes
This is the simplest method for most users. When you log in or request a withdrawal, ong368 sends a six-digit code to the phone number on file. You enter that code into the login screen, and access is granted. The code expires after five minutes, so only someone with access to your physical phone can use it.
SMS codes work with any phone, including older devices. They require no app installation. If you travel between Jakarta and Bandung or use multiple devices, SMS remains consistent across all of them.
Authenticator App Codes
An authenticator app generates time-based codes on your phone without requiring an internet connection. Google Authenticator, Microsoft Authenticator, and Authy all work with ong368. When you enable this method, we provide you with a unique code to scan using your app. After that, every 30 seconds the app displays a new six-digit code specific to ong368.
This method is slightly more secure than SMS because it does not rely on your mobile carrier's SMS system. If someone steals your SIM card, authenticator codes continue to work on your phone even if SMS messages are rerouted.
Save your backup codes
When you first enable authenticator-app 2FA, ong368 gives you five backup codes. Store these somewhere safe—a locked document or a password manager. If you lose your phone, these codes let you regain access to your account.
Email Confirmation Links
The third method sends a confirmation link to your registered email address. When you log in or request a withdrawal, click the link in the email to complete authentication. This method works well if you have consistent access to your email on a second device, such as a tablet or a work computer.
Email links expire after subject to verification. Unlike SMS and authenticator codes, they do not require you to type anything—a single click confirms your identity.
Two-Factor Authentication During Withdrawals
Payment security is a core concern on ong368. When you request a withdrawal using QRIS, e-wallet, mobile banking, local payment, online payment, or a bank transfer to e-wallet, mobile banking, local payment, or online payment, we ask for 2FA confirmation a second time. This double-check ensures that only you can move money out of your account.
The withdrawal process includes four steps: you enter the amount and payment method, we verify your account balance, we request your second factor, and we process the transfer to your bank or digital wallet. Once the second factor is confirmed, your withdrawal moves to the payment provider within minutes.
Setting Up Two-Factor Authentication on ong368
The 2FA setup page is located in your account settings. You can reach it by logging in, clicking your username in the top-right corner, and selecting "Security Settings." From there, you choose your preferred method and follow the on-screen prompts.
- For SMS: Enter your phone number, verify it by entering the test code we send, and confirm. SMS 2FA is active immediately.
- For Authenticator app: Download the app, return to ong368, select "Set up authenticator," scan the QR code, and enter your first code to verify. Save your backup codes before finishing.
- For Email: We confirm the email address already on file, send a test link, and ask you to click it. Email 2FA is active once you confirm.
You can enable multiple 2FA methods at once. For example, you might use SMS as your primary method and save backup codes from an authenticator app in case you lose your phone. When you log in, you are prompted for whichever method you last used, but you can choose a different one from the login screen.
Two-Factor Authentication and Your Payment Options
ong368 supports deposits and withdrawals through a range of payment methods common across supported jurisdictions. 2FA protects your account regardless of which method you use. If someone gains access to your account, they cannot withdraw your funds without your second factor, even if they attempt to change your withdrawal bank or payment app.
Recovering Your Account if You Lose Your Second Factor
Life happens: phones get lost, SIM cards are replaced, or you switch to a new device. If you lose access to your 2FA method, ong368 support can help. Visit our help desk, confirm your identity using your email address and account details, and we walk you through re-enabling 2FA with a new method.
This is why we recommend saving backup codes if you use authenticator app 2FA. Backup codes are one-time-use codes that work even if your app stops working. Keep them in a safe place—a password manager, a locked note, or a printed document stored at home.