Building a strong password on qqplaza
Your qqplaza password is the first line of defense for your account. A strong password on qqplaza contains at least 12 characters, mixing uppercase letters, lowercase letters, numbers, and symbols. Avoid common patterns: birthdays, sequential numbers, dictionary words, or variations of your username. A password like "MyLiga1-Bet2024!" is strong; "password123" or "qwerty" are not.
Do not reuse passwords across multiple sites. If your email provider is compromised and your password is exposed, a hacker can try the same credentials on qqplaza, your bank, and other platforms. Using unique passwords for each site means your qqplaza account remains secure even if your password leaks elsewhere.
Change your qqplaza password every 90 days, or immediately if you suspect it has been compromised. You can update your password anytime from your account settings. When you change your password, all existing sessions are logged out automatically—you will need to log in again with your new password on all devices.
Two-factor authentication setup
Two-factor authentication (2FA) on qqplaza requires a second verification method beyond your password. We support two types: SMS-based codes sent to your phone, and authenticator apps like Google Authenticator or Authy. When you enable 2FA, every login attempt requires both your password and a time-based code from your phone.
SMS-based 2FA is easier to set up and works on any phone. When you log in, we send a 6-digit code to your registered phone number; you enter it to complete login. Authenticator apps are more secure because they do not rely on SMS, which can be intercepted. We recommend using an authenticator app if your phone supports it.
Setting up 2FA step-by-step
Log into your qqplaza account, navigate to Account Security, and select "Enable 2FA". Choose SMS or authenticator app. If SMS, confirm your phone number and we will send a test code. If authenticator app, scan the QR code with your app and enter the code it generates. Confirm the setup, and 2FA is active.
Write down your backup codes and store them somewhere safe. If you lose access to your phone or authenticator app, backup codes let you regain access. Without backup codes, you may be locked out of your account temporarily while we verify your identity.
Securing your payment methods
Your payment methods on qqplaza (DANA, e-wallet, mobile banking, local payment virtual account, online payment transfer, e-wallet, etc.) are linked to your account but not stored directly on our servers. When you deposit via mobile banking or local payment, the transaction happens through the payment provider's secure gateway. We never see your card details or full account numbers.
Still, you should protect your payment method security. If someone gains access to your qqplaza account, they could initiate a withdrawal to a payment method you have not authorized. Prevent this by enabling withdrawal PIN on your account. A withdrawal PIN is a separate 4-digit code you enter whenever you request a payout. Even if someone knows your qqplaza password, they cannot withdraw funds without your withdrawal PIN.
Review your linked payment methods regularly. In your Account Settings, you can see every online payment wallet, e-wallet account, mobile banking virtual account, and other payment method linked to qqplaza. If you see a payment method you did not add, remove it immediately and contact our support team.
Remove old payment methods when you stop using them. If you closed your local payment account but it is still linked to qqplaza, remove the link. This reduces the surface area for unauthorized access. Keep only the payment methods you actively use for deposits and withdrawals.
- Withdrawal PIN
- A 4-digit code required for every withdrawal; protects against unauthorized payouts even if your password is compromised.
- Registered payment method
- Only payment methods you have added to qqplaza can receive withdrawals; check this list regularly for unauthorized entries.
- Transaction history
- Review every deposit and withdrawal in your account dashboard; report any transactions you did not authorize immediately.
Managing your qqplaza sessions and devices
Your qqplaza account can be logged in on multiple devices simultaneously: your phone browser, your desktop, the qqplaza mobile app. This is convenient but also a security risk if a device is compromised. qqplaza provides a session manager showing every active device and login time. You can log out from any device remotely, instantly revoking access even if the device is lost or stolen.
Check your active sessions regularly, especially if you play on shared devices or public WiFi. If you see a login from a city you do not recognize (e.g., a session from Medan while you are in Jakarta) or a device you do not use, log it out immediately. After you log out, that device needs your password and 2FA code to regain access.
Public WiFi is a risk. If you use qqplaza on public WiFi at a cafe or airport, use a VPN to encrypt your connection. Without encryption, attackers on the same network can intercept your login credentials. After you finish playing on public WiFi, log out completely and change your password when you get home.
Detecting and reporting suspicious activity
qqplaza monitors your account for suspicious activity and alerts you in real time. If someone attempts to log in from an unusual location or device, we send you a notification and may require additional verification. If we detect unusual betting patterns or large unexpected withdrawals, we flag them for review.
You should also watch for red flags. Unexpected balance changes, withdrawals you did not request, or emails from qqplaza about account changes you did not make all indicate unauthorized access. If you notice anything suspicious, log out immediately, change your password, and contact our support team.
During tournaments like Liga 1, Piala AFF, or Champions League, your account activity increases naturally. We account for this in our fraud detection. But if your activity suddenly spikes far above your normal pattern—placing bets at 3 AM when you normally play during the day, for example—we will ask you to confirm the activity is yours before processing a large withdrawal.
What to do if your account is compromised
If you believe someone has accessed your qqplaza account without permission, act immediately. First, use a secure device (not the compromised one) to log into qqplaza. Second, change your password using the password reset feature. Third, enable 2FA if you have not already. Fourth, review your session activity and log out all active sessions.
Contact our support team with details of the unauthorized access. We will review your account history, check for fraudulent withdrawals, and help you regain full control. If funds were withdrawn fraudulently, we investigate and may reverse the transaction depending on the circumstances and payment method used.
Phishing awareness and qqplaza
Phishing attacks trick you into revealing your credentials by impersonating qqplaza. Common tactics include fake emails asking you to "verify your account" or "confirm your payment method," fake login pages that look like qqplaza but are actually scam sites, or messages claiming you have won a bonus and need to log in to claim it.
Protect yourself by never clicking links in unsolicited emails. Instead, go directly to qqplaza.app in your browser or use the official qqplaza mobile app. If an email from qqplaza seems suspicious, forward it to our support team. We will confirm whether it is legitimate. Real qqplaza emails come from addresses ending in @qqplaza.app or @support.qqplaza.app—anything else is fake.
Check URLs carefully. A phishing site might be named something like "qq-plaza.app" or "qqplaza-verify.app"—subtle differences designed to fool you. Always verify you are on the real qqplaza.app domain before entering your login credentials or payment information.