How Quick Login Works on Your Phone
The first time you install our Android app or open dino69.app in Safari, you enter your email address and password. Our servers verify your identity, check your KYC status, and issue a session token. This token is stored locally on your phone inside the secure enclave (iOS) or keystore (Android)—areas of your device that even we cannot access directly. The next time you open the app, our system checks for a valid token. If one exists and has not expired, you skip the login form entirely and land on your account dashboard.
We call this "quick login," and it is the default behaviour once you are verified. You do not need to enable it or flip a switch; it happens automatically. Your session remains active for up to 12 hours of continuous app usage. If you close the app and do not return for more than 12 hours, your token expires for security. The next time you open dino69, you see the login screen again.
On Android and iOS, we offer an additional layer: biometric authentication. After your first successful password login, you can enable fingerprint recognition or face ID in our account settings. From that point forward, opening dino69 and tapping "Login with fingerprint" (or "Login with Face ID" on iOS) authenticates you instantly—no password, no typing. Your biometric data is stored only on your phone; we never see it or store it on our servers.
This biometric flow is optional. If you prefer to enter your password each time, you can disable biometric login in settings. Some players disable it for extra caution; others enable it for speed. We support both approaches. If your phone is lost or stolen and someone tries to use your biometric, they face a limit of five failed attempts before the app locks them out temporarily.
Session Management and Inactivity Timeout
Our security model treats sessions like temporary passports. Once you log in, a session token is issued and encrypted on your phone. This token grants you access to your account, balance, and betting slip. We transmit this token over encrypted HTTPS only—never in plain text. Our servers validate the token on every request, so if the token is revoked (e.g., you log out on another device), your session ends immediately.
Inactivity timeout is important. If you open dino69 on your phone, place a bet on a Liga 1 match, and then set the phone down for 12 hours, your session expires automatically. When you pick it back up and tap a button—say, to check your balance—you are prompted to log in again. This prevents unauthorized use if your unlocked phone is found or borrowed. We notify you via email when your session expires, so you know someone accessed your account at that time.
Session tokens are device-specific and encrypted.
If you log in on your Android phone and separately on an iOS tablet, each device receives its own token. Logging out on your phone does not affect your tablet session. We recommend logging out on all devices if you suspect unauthorized access.
Password Reset and Account Recovery
If you forget your password, our recovery flow is built for mobile. On the login screen, tap "Forgot password?" and enter your registered email. We send a reset link to your inbox within seconds. Tap the link, and it opens a form in your browser (or in-app) where you set a new password. The new password takes effect immediately. Any existing sessions remain valid until their 12-hour inactivity window expires; after that, you log in with your new password.
If you no longer have access to your email account, account recovery becomes more complex. We verify your identity by requesting your national ID number (KTP for Indonesian citizens), your phone number, and possibly a deposit history or recent withdrawal reference. Once we confirm your identity, we can help you regain access. This process typically takes 1–2 business days. We take account security seriously, so we do not rush identity verification—this protects you from unauthorized takeovers.
Two-Factor Authentication and Security Settings
We at dino69 offer optional two-factor authentication (2FA) for added security. In your account settings under "Security," you can enable 2FA via email or SMS. Once enabled, every login—whether on phone or desktop—requires a second verification step. After entering your password, you receive a code via email or SMS and must enter it within subject to verification. This prevents unauthorized login even if someone steals your password.
2FA is optional because it slows down the quick-login experience. If you enable it, our app remembers your device and may skip the second factor on subsequent logins for 30 days (you can disable this per-device memory in settings). Most players in Jakarta and Surabaya who handle sensitive betting patterns prefer 2FA; casual players often skip it for speed.
Mobile-Only Features: Push Notifications and Session Alerts
Our Android and iOS apps send push notifications to keep you informed about your account without requiring you to open the app. We notify you when a withdrawal is approved, when a promotional bonus is credited, when a live table closes, or when your session is about to expire (subject to verification before timeout). You control which notifications you receive in your settings; we offer four tiers: all, games only, account only, or silent.
These notifications help you stay engaged without being intrusive. During Idul Fitri or Imlek holidays, we adjust notification frequency to respect cultural observance. You can also set quiet hours—for example, no notifications between 10 PM and 8 AM. Our push system runs on Firebase (Google) for Android and Apple Push Notification service (APNs) for iOS, so notifications arrive securely and encrypted.
- Session timeout window
- 12 hours of inactivity. After that, you must log in again.
- Biometric retry limit
- 5 failed fingerprint or face attempts trigger a 15-minute lockout.
- Password reset link validity
- Reset links expire after 24 hours for security.
- 2FA code window
- 2FA codes remain valid for subject to verification after issue.
Cross-Device Login and Desktop Access
Quick login is primarily a mobile feature, but your account access extends to desktop. If you log in on your phone, your session is specific to that phone. Logging into dino69.app on a desktop browser creates a separate session. We track all active sessions in your account settings under "Active sessions"—you can see which devices are currently logged in and log them out remotely if needed.
Desktop login uses the same password flow as mobile, but there is no biometric unlock on desktop (since most desktop keyboards lack fingerprint readers). On desktop, you enter your password and, if 2FA is enabled, your second verification code. The session then expires after 12 hours of inactivity, just like mobile. This cross-device synchronization means your balance, game history, and betting slip update instantly across all logged-in devices.