dadunations Two-Factor Authentication - Android & iOS Mobile App

This guide covers how to enable two-factor authentication on dadunations, which verification methods work best on mobile, how recovery codes keep you safe if you lose access to your phone, and what happens during a withdrawal when two-factor authentication is active. We'll walk through the mobile experience step-by-step—everything from the initial setup on Android to verifying codes on iOS Safari.

What two-factor authentication does on dadunations

Two-factor authentication works by requiring a second proof of identity beyond your password. When you enable two-factor authentication on dadunations, you choose a verification method—typically SMS to your phone number or a code from an authentication app. When you log in, you enter your password first, then your second factor (the SMS code or app code). Both must be correct before you access your account.

The purpose is straightforward: if someone obtains your dadunations password, they still can't access your account without the second factor. This is especially important if you've stored payment methods on dadunations—DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, or bank transfers. Two-factor authentication acts as a barrier between your account and unauthorized withdrawals.

On the dadunations platform, two-factor authentication is managed through your account settings, accessible on both Android and iOS. The setup takes under five minutes, and once enabled, two-factor authentication activates for every login—whether you're accessing dadunations from your phone in Jakarta, Surabaya, Bandung, or Medan, or from a different device entirely.

Enabling two-factor authentication on mobile

For Android users, open the dadunations app, tap your profile icon, navigate to Security Settings, and select "Enable Two-Factor Authentication." You'll be asked to choose between SMS (a code sent to your phone) or an authenticator app (like Google Authenticator or Authy, which generates time-based codes on your device). SMS is faster on mobile because the code arrives instantly as a text message. Authenticator apps are slightly more secure because the code never travels through SMS—it's generated locally on your phone.

If you're using iOS, the same process works through our mobile web interface in Safari or your preferred browser. Tap your account menu, go to Security, and select "Enable Two-Factor Authentication." You'll see the same choice: SMS or authenticator app. Both methods work seamlessly on iOS, and the verification code prompt appears directly in the browser during login.

SMS codes versus authenticator apps

SMS-based two-factor authentication sends a code to your registered phone number every time you log into dadunations. The code is valid for ten minutes, and you enter it directly into the app or browser after your password. This method is convenient on mobile because the code arrives as a text notification you can tap immediately. However, SMS relies on your phone's signal and the cellular network, so if you're in an area with poor reception, the code may arrive slowly.

Authenticator apps (Google Authenticator, Microsoft Authenticator, Authy, or similar) generate codes on your device using a shared secret. You don't need network access to generate the code—it works offline. The trade-off is that you need to manually copy the code from the app and paste it into dadunations during login. On Android, this is quick; on iOS, it's equally smooth because Safari lets you copy from other apps seamlessly.

We recommend SMS for most users on mobile because it's the fastest flow: code arrives, tap it, you're in. For users who prioritize absolute security and don't mind a few extra taps per login, an authenticator app is the stronger choice. You can switch between methods anytime in your security settings.

Recovery codes and account access

When you enable two-factor authentication on dadunations, we generate a set of backup recovery codes—typically ten single-use codes that let you log in if you lose access to your SMS number or authenticator app. These codes are crucial. We strongly recommend saving them somewhere safe: write them down on paper, store them in a password manager, or both. Do not store them in your phone's notes app alone, because if you lose your phone, you lose both your second factor and your backup codes.

During the setup process on your Android app or iOS browser, dadunations will show your recovery codes on screen and ask you to confirm you've saved them. This step matters—it ensures you have a way back into your account if your phone is stolen, lost, or breaks. Each recovery code can be used once, and once all ten are used, you'll need to disable and re-enable two-factor authentication (which generates a fresh set of codes).

If you ever use a recovery code to log in, we'll notify you via email and ask you to verify your identity. This extra step prevents unauthorized account access even if someone has obtained both your password and your recovery codes.

Two-factor authentication during withdrawal and verification

When you request a withdrawal from your dadunations account to e-wallet, mobile banking, local payment, online payment, or e-wallet, two-factor authentication becomes an extra safeguard. If two-factor authentication is enabled, you'll need to provide your second factor (SMS code or authenticator app code) before the withdrawal is submitted. This ensures that even if an attacker knows your password, they cannot withdraw your funds without your phone or authenticator device.

Additionally, during identity verification (KYC), which happens when you first deposit using mobile banking, local payment, online payment, or any payment method, two-factor authentication adds a layer of confirmation. When dadunations asks you to verify your identity, we'll send a code to confirm it's really you making the request. This multi-step verification keeps your account and linked payment methods secure, especially around major holidays like Idul Fitri or Idul Adha when account access may be more sensitive.

Choosing a phone number for two-factor authentication

The phone number you register for two-factor authentication SMS should be a number you actively use and keep secure. It's best to use your primary phone number, the one you're most likely to have with you when you access dadunations. If you have multiple devices (a phone and a tablet), you can set up two-factor authentication on your main phone, and the SMS code will still arrive to your registered number even if you're logging in from the tablet on iOS.

If you change your phone number in the future, you can update it in your dadunations account settings. When you do, we'll ask you to confirm your identity to ensure the number change is legitimate. This protects against attackers trying to hijack your account by changing your two-factor phone number to their own.

Disabling and resetting two-factor authentication

If you decide two-factor authentication isn't right for you, you can disable it anytime from your account security settings on Android or iOS. The process requires you to confirm your password, so an attacker can't simply turn it off without accessing your account. Once disabled, your next login will not require a second factor, though you can re-enable it whenever you want.

If you've lost your authenticator app or phone number and can't log in, use one of your recovery codes to access your account, then reset your two-factor authentication method. From your security settings, you can disable the old method and set up a new one—choosing SMS, an authenticator app, or disabling two-factor authentication entirely if you prefer.

Related guides