guci — your Game Start.

guci Two-Factor Authentication - Liga 1Premier League & Live Markets

Indonesia's online gaming market processes millions of transactions monthly across DANA, e-wallet, mobile banking, and bank transfers. Protecting each account from unauthorized access is not optional — it is foundational to how we operate. Two-factor authentication (2FA) is an optional security layer we offer to users who want an extra verification step before login or withdrawal.

Open an account

Two-Factor Authentication

and
Category: Live Table / Card
RTP: high; high

We do not mandate 2FA, but we recommend it for anyone managing regular deposits or accessing live-dealer tables during high-traffic periods like Liga 1 matchdays or Piala AFF tournaments. This guide walks through how 2FA works on guci, what methods we support, and how to enable or disable it in your account settings.

What Two-Factor Authentication Means on guci

Two-factor authentication requires two separate pieces of information to access your account: your password (something you know) and a second factor (something you have or something you are). On guci, the second factor is typically a time-based code sent to your phone or generated by an authenticator app.

When 2FA is enabled, logging in follows this flow: you enter your username and password as usual, then the system prompts you for a code. You retrieve that code from your phone (via SMS, email, or an app), enter it, and gain access. If someone has your password but not your phone, they cannot log in. This is why 2FA significantly reduces account takeover risk.

We offer 2FA as an optional feature because not all users need it. If you log in from a single device at home and rarely withdraw, the added step may feel unnecessary. But if you travel, use public WiFi, or manage frequent transactions during Liga 1 season or Piala Indonesia tournaments, 2FA is a practical safeguard.

2FA does not replace password strength

A strong, unique password is still your first line of defense. 2FA adds a second layer; it does not substitute for a secure password.

Two-Factor Methods We Support

guci supports three 2FA delivery methods. You can enable one, multiple, or none — the choice is yours.

SMS code: We send a six-digit code to your registered phone number. You enter it within a set window (usually subject to verification). This method works on any phone with SMS capability.
Email code: We send a code to your registered email address. You copy it from your inbox and paste it into the login prompt. Email is slower than SMS but works if your phone is unavailable.
Authenticator app: You install a free app (Google Authenticator, Microsoft Authenticator, Authy, or similar) on your phone. The app generates a new six-digit code every 30 seconds without needing internet. This method is the fastest and does not depend on SMS delivery.

Most users who enable 2FA choose SMS or an authenticator app. Email is a backup option if your phone is lost or stolen. You can switch between methods in your account settings at any time.

Enabling 2FA in your guci account settings

Setting up 2FA on guci

Navigate to your account settings and select "Security." Choose your preferred 2FA method. If you pick SMS or email, we verify your contact details. If you pick an authenticator app, we show you a QR code to scan with your phone.

Once set up, 2FA activates immediately. Your next login will require the second factor. We recommend testing it right away so you are familiar with the flow before a high-stakes session during Champions League or a Piala AFF match.

When 2FA Is Triggered

On guci, 2FA does not trigger on every action — only on specific high-security events. This keeps the experience smooth while protecting your account.

2FA is required when:

You log in from a new device or browser for the first time.
You log in from a different city or country (detected by IP address).
You initiate a withdrawal to a new payment method (e.g., a DANA account you have not used before).
You change your password or email address.
You disable 2FA itself (to prevent someone from turning it off without your knowledge).

If you log in from the same device, same location, and same network repeatedly, 2FA may not trigger every time. This is intentional — we balance security with usability. You are not forced to enter a code for every session if your login pattern is consistent.

SMS code entry during login

Authenticator app generating live codes

guci security dashboard overview

Backup and Recovery Codes

When you enable 2FA, we generate a set of one-time recovery codes. Each code can be used once if you lose access to your phone or authenticator app. We recommend you save these codes in a safe place — a password manager, a locked drawer, or a trusted family member's secure location.

Recovery codes are long strings (e.g., 16 characters) that bypass the normal 2FA prompt. If your phone is stolen or your authenticator app is deleted, you can use a recovery code to log in and disable 2FA or re-enable it with a new device.

If you use all your recovery codes and lose your phone, you will need to contact our support team. We can verify your identity (via email, previous login history, or payment method) and help you regain access. This process takes longer than using a recovery code, so keeping your codes safe is important.

Tip: Store recovery codes separately from your password. If someone finds your password file, they should not also find your 2FA codes in the same place.

Disabling or Changing 2FA

You can disable 2FA at any time by going to your account settings and selecting "Security." We will ask you to confirm your identity (usually by entering your current 2FA code or a recovery code). Once confirmed, 2FA is turned off immediately.

If you want to switch from SMS to an authenticator app, or vice versa, you disable the old method and enable the new one. There is no waiting period or penalty. The change takes effect right away.

If you are traveling and expect to lose phone signal, you can temporarily disable 2FA before your trip and re-enable it when you return. This is a normal use case, and we do not flag it as suspicious.

Common 2FA Issues and Solutions

Code expired before I entered it: 2FA codes are valid for subject to verification. If you miss the window, request a new code. Most systems allow you to click "Send code again" or "Resend" on the login screen.
I entered the code but it says "invalid": Check that you are entering the code correctly (no spaces, no typos). If your phone's clock is out of sync with our servers, authenticator app codes may not match. Sync your phone's time in settings and try again.
I lost my phone and cannot access my recovery codes: Contact our support team with proof of identity (email address, previous login details, or payment method). We can verify you and help you regain access.
I am traveling and my SMS is not arriving: Switch to email or an authenticator app if SMS is unreliable. Email codes are slower but do not depend on cellular signal.
I forgot which 2FA method I set up: Log in without 2FA (if you are on a trusted device), go to settings, and check. If you are locked out, use a recovery code or contact support.

Advantages of 2FA

Prevents unauthorized login even if password is compromised
Protects withdrawals to new payment methods
Optional — you control whether to use it

Limitations of 2FA

Adds a step to login and withdrawal
Requires you to keep recovery codes safe
Does not protect against phishing if you enter credentials on a fake site

2FA and Withdrawal Security

When you request a withdrawal on guci, we verify your identity through multiple checks. If 2FA is enabled, we may ask for your 2FA code before processing the withdrawal. This is especially true if you are withdrawing to a new payment method (a e-wallet account you have not used before, for example) or if the withdrawal amount is unusually large.

This extra step protects both you and us. It ensures that the person requesting the withdrawal is actually you, not someone who gained access to your account. Withdrawals to familiar payment methods from your usual device may not trigger 2FA every time, but high-risk withdrawals always will.

If you are withdrawing during a busy period — such as after a Liga 1 match or during Idul Fitri holidays when many users are active — our system may take longer to process your request. This is not because of 2FA; it is because our payment partners are handling high volume. 2FA itself does not slow down withdrawals.

Withdrawal flow with 2FA enabled

You request a withdrawal to your mobile banking or local payment account. Our system checks if this is a new payment method or an unusual amount. If so, we prompt for your 2FA code. You enter it, and the withdrawal moves to our payment partner for processing.

The entire 2FA verification takes less than a minute. Once verified, the withdrawal is queued and processed according to our standard timelines. 2FA does not delay the actual transfer to your bank or e-wallet.

2FA verification during withdrawal request

Summary: 2FA on guci

Two-factor authentication is an optional security feature we offer to protect your guci account. It requires a second verification step (SMS code, email code, or authenticator app) when you log in from a new device, change your password, or withdraw to a new payment method.

Enabling 2FA takes a few minutes and significantly reduces the risk of account takeover. We provide recovery codes so you can regain access if you lose your phone. You can disable 2FA at any time, and switching between SMS, email, and authenticator app is straightforward.

If you manage regular deposits during Liga 1 season, Piala AFF tournaments, or Champions League matches, or if you use public WiFi, we recommend enabling 2FA. If you log in from a single trusted device at home, 2FA is optional. The choice is yours.

Related guides

Payments