manistoto Quick Login - Account Access & Security

We maintain two-factor authentication (2FA) as an optional overlay, password reset via email, and device-management controls so you can remotely log out sessions from unknown devices. Deposits via DANA, e-wallet, mobile banking, local payment, online payment, and bank transfer (e-wallet, mobile banking, local payment, online payment) remain tied to your verified account, not to individual devices. This guide covers how our login system works, what 2FA protects, and how to recover access if you lose your password.

How Quick Login Works on manistoto

When you first open the manistoto app or visit manistoto.app, you see a login screen. If you have logged in before on that device, you have three options: one-tap Quick Login (if you have enabled biometric unlock), enter your password manually, or request a password reset. One-tap login uses your device's biometric scanner (fingerprint or face recognition) to unlock your manistoto session without re-entering credentials.

Behind the scenes, your biometric data never leaves your device. We store only an encrypted token that your phone unlocks locally. When you tap to authenticate, your device sends a signed token to our servers—we verify the signature, confirm your session is still valid, and grant access. No password is transmitted; no biometric scan is sent to us.

Setting Up Quick Login

Quick Login requires one initial setup step. Open your account settings, navigate to Security > Quick Login, and choose your unlock method: fingerprint, face, or PIN. Your device will prompt you to confirm your biometric or PIN; once confirmed, Quick Login is active. On your next login, you see the biometric prompt instead of the password field.

If you have multiple devices, each can have Quick Login configured independently. Your account credentials are the same across devices; Quick Login simply changes the unlock method per device. Logging in on your laptop may require your password; logging in on your phone uses your fingerprint. Both methods access the same account.

Biometric vs. Password Trade-offs

Biometric unlock (fingerprint, face) is convenient and secure for your personal device. If your device is lost or stolen, a thief cannot unlock it without your biometric data, which we do not store. However, if you use Quick Login on a shared or public device, we recommend you disable it afterward in your security settings.

Password login remains available alongside Quick Login. You can disable biometric unlock at any time by returning to Security > Quick Login and choosing "Disable." Your password continues to work, and you can re-enable biometric login later.

Two-Factor Authentication (2FA)

Two-factor authentication adds a second verification step: after you enter your password (or unlock with biometric), you must provide a code from your phone or email before access is granted. 2FA is optional but recommended, especially if you manage large account balances or withdraw regularly.

We support two 2FA methods: time-based one-time password (TOTP) via an authenticator app like Google Authenticator or Authy, and email-based codes. TOTP is more secure because the code is generated locally on your device; email codes are sent through our system and depend on email provider delivery. Choose the method that suits your threat model.

Password Reset & Account Recovery

If you forget your password, click "Forgot Password?" on the login screen. We send a reset link to your registered email. The link expires after one hour for security. Click it, set a new password, and you can log in immediately with the new credentials.

If you do not have access to your registered email, contact our support team via the Support page. You will need to verify your identity by providing your account details (username, date of birth, phone number, or ID). This process may take one business day. We do this to prevent account hijacking: an attacker who gains your email access should not be able to reset your manistoto password without proof of identity.

Device Management & Logout

Your account can be logged in on multiple devices simultaneously. To see all active sessions, go to Account > Device Management. You see a list of devices (phone, laptop, tablet) with their last-access timestamp and approximate location (based on IP address). If you see a device you do not recognize, click "Logout" next to it. This immediately ends that session; the device will require a fresh login next time.

Idle sessions—accounts left open without action for subject to verification—automatically log out for security. This timeout applies to all devices equally. When you return and want to access your account, Quick Login or password entry brings you back in within seconds.

Account Verification & KYC During Login

Your first login completes; your second login may trigger Know-Your-Customer (KYC) verification if you attempt to deposit or withdraw. KYC collects your full name, date of birth, phone, and email. We verify this against government ID databases to prevent fraud and money-laundering risk. Verification usually takes one business day.

Once your account is verified, future logins do not re-request KYC. Your verification status persists across sessions and devices. If you update your email or phone number, we re-verify that change—an email or SMS code confirms the new contact info.

Quick Login removes friction from repeated access, but verification and security checks remain unchanged. We still encrypt your session, still verify your identity on first withdrawal, and still monitor for fraud.

Payment Methods & Linked Accounts

Your payment method—e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, or bank account (local payment, online payment, e-wallet, mobile banking)—is linked to your manistoto account, not to your device or your Quick Login method. When you log in from a new device and deposit, you can use any of your saved payment methods without re-linking them. This means if you set up local payment during a session in Jakarta, you can withdraw to online payment from a session in Semarang or Surabaya without additional steps.

First withdrawal from a new device may trigger an additional security check: we ask you to confirm your deposit method and may request ID verification. This is normal fraud prevention; it resolves within one business day once documents are submitted.

Session Security & Encryption

Every manistoto session—Quick Login or password—uses TLS 1.3 encryption. Your password, balance, bet history, and payment information are encrypted in transit. We do not store your biometric data; we store only an encrypted token signed by your device. No one can impersonate you by stealing this token—it is device-specific and useless outside your phone.

If you use public Wi-Fi (coffee shop, airport), your encrypted session is still protected. A third party on the same network cannot intercept your login or steal your balance because all data is encrypted between your device and our servers. Public Wi-Fi is safe for manistoto as long as you use Quick Login or a strong, unique password.

Timezone & Regional Access During Login

Our services are available only where local law permits online gaming. We do not operate in jurisdictions where online wagering is prohibited by statute. When you attempt to log in from a geo-blocked region, our system detects your IP address and blocks access. This is not a temporary glitch—it reflects applicable law in your location.

If you travel between regions (for example, from Medan to Jakarta for Idul Fitri), your login works in any jurisdiction where we operate. If you travel to a region where we do not operate, you cannot log in. We do not offer VPN workarounds or alternative login methods to bypass geo-restrictions.

Support & Account Lockout

If you attempt six incorrect passwords in a row, your account temporarily locks for subject to verification. This protects against brute-force attacks. After the lockout expires, you can log in again. If you lock yourself out repeatedly, contact our support team. They can unlock your account immediately after confirming your identity.

Support is available via in-app messaging, email, or the Help section in your account. Response times vary by queue volume; we do not publish guaranteed response windows but prioritize account-access issues. During peak hours (Liga 1 match days, around Idul Adha or Idul Fitri), response may be delayed, but urgent lockouts are typically resolved within 1-2 hours.

Trusted Device & Remember Me

After you log in successfully, you have an option to "Remember this device" or "Trust this device for 30 days." Selecting this skips password entry on your next login—Quick Login or device unlock suffices. This convenience trades off some security: if someone borrows your phone, they can access manistoto without a password. Use "Remember Device" only on personal devices you fully control.

You can revoke "Remember Device" status from your account settings at any time, or from the Device Management screen. All trusted devices can be revoked simultaneously if you suspect a device has been compromised.

Summary: Quick Login Workflow

manistoto Quick Login streamlines repeated access by allowing biometric or PIN unlock instead of password entry every session. Your first setup takes two minutes: enable fingerprint or face recognition in your security settings. Subsequent logins tap biometric and you are in within seconds.

Security is not compromised: we still encrypt your session, verify your identity on first withdrawal, monitor for fraud, and support 2FA if you want an extra layer. Password reset remains available, device management lets you log out unknown sessions, and payment methods are securely linked to your account across all login methods.

Use Quick Login on your personal device for convenience. On shared or public devices, disable biometric unlock and log out when finished. Contact support if you lose access to your email or phone—we can restore your account after identity verification. Your manistoto account is secure whether you use Quick Login, password, or 2FA.