How blocway Quick Login Works
When you arrive at blocway's login page, you enter your registered email and password. Our system validates these credentials against our encrypted account database. If authentication succeeds, we generate a session token that remains active for the duration of your browsing session. This token allows you to navigate between our sportsbook (covering Liga 1, Piala Indonesia, Piala AFF, Champions League, and other tournaments), live-casino tables, and account settings without re-entering credentials repeatedly.
We support two login flows: standard email-and-password entry, and optional quick-access recovery through email links if you've previously logged in from that device. The quick-access link remains valid for a limited window (typically one hour) and includes a unique identifier tied to your account. This approach balances convenience with security — we do not store passwords in plain text, and every login attempt is logged to your account's activity history for transparency.
Two-factor authentication strengthens account access
We offer optional two-factor authentication (2FA) as an additional security layer. Once enabled, successful email-and-password entry triggers a verification code sent to your registered email or authenticator app, confirming login legitimacy.
After successful Quick Login, you arrive at your blocway dashboard. From there, you can navigate to our sportsbook sections (football markets across Champions League, Premier League, Liga 1, and other tournaments), live-casino offerings (blackjack, roulette, baccarat, Dragon Tiger, and live-studio variants), or slot games (Aviator, Sweet Bonanza, Gates of Olympus, Fortune Tiger, Mahjong Ways). Your account settings, deposit history, and withdrawal queue remain accessible from a consistent menu structure.
Session Security and Password Management
blocway's Quick Login architecture prioritizes session integrity. When you log in, our servers generate a session identifier that is encrypted and stored both server-side and in your browser's secure cookie. This token includes metadata — login timestamp, IP address, device fingerprint — which allows us to detect unusual access patterns and alert you if someone attempts to use your account from an unfamiliar location or device.
Your password itself is never stored in readable form. We use industry-standard hashing algorithms (bcrypt) to transform your password into a cryptographic hash before storing it in our database. This means even if our database were compromised, attackers would face computational barriers to reverse-engineering your actual password. We recommend using a unique, strong password for blocway — a combination of uppercase, lowercase, numerals, and symbols reduces brute-force vulnerability.
- Session timeout
- Inactive sessions expire after a default window to reduce exposure if your device is left unattended. You can manually log out from account settings.
- Password reset flow
- If you forget your password, our reset email includes a time-limited link. Click it, and you'll be prompted to create a new password before regaining account access.
- Device logout
- You can remotely sign out of sessions from specific devices via your account security settings, useful if you suspect unauthorized access.
Login Across Devices and Platforms
blocway's Quick Login integrates across web browsers, mobile browsers, and our native Android app. When you log in on one device, that session does not automatically transfer to another — each device maintains its own session token. This design prevents account takeover if one device is compromised; a hacker with access to your browser session on a laptop cannot automatically access your account from your phone.
On mobile, we support both web-browser login (via blocway.com in Safari or Chrome) and direct app login. The app login flow is identical to web login — email, password, optional 2FA — but the app stores your session more securely using the device's built-in secure-storage APIs. If you uninstall and reinstall the blocway app, your previous session is cleared for safety; you'll need to log in again.
During major tournaments like Idul Fitri, Idul Adha, or Imlek, account access remains consistent across all platforms. We maintain synchronized session records so if you log in from Jakarta, then travel to Surabaya, Bandung, or Medan, your account remains accessible without interruption (subject to local law applicability).
Troubleshooting Login Issues
If you cannot log into your blocway account, we provide several diagnostic paths. First, verify you're using the correct email address — many users have multiple email accounts and may forget which one they registered with. Check your email's spam or promotions folder to ensure you're not missing a login-confirmation message or password-reset link.
If your password is incorrect, use our "Forgot Password" link on the login page. This triggers an email to your registered address with a reset link valid for one hour. Click it, create a new password, and you can log in immediately afterward. If you do not receive the reset email within a few minutes, double-check your email spam filters and confirm your email address is spelled correctly in your blocway account.
Two-factor authentication issues often stem from timing misalignment between your authenticator app and our servers, or entering the code after its validity window expires (typically 30 seconds). If you're locked out due to 2FA problems, contact our support team via email or in-app help — we can temporarily disable 2FA and help you reconfigure it.
Account recovery requires identity verification
If you lose access to your registered email or forget both password and 2FA settings, we initiate a recovery process requiring KYC re-verification. This protects your account from unauthorized recovery attempts but may extend access restoration timelines.
Login and Withdrawal Verification
Your blocway Quick Login credentials connect directly to withdrawal security. When you request a withdrawal to your chosen payment method — DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, or bank transfer — we require re-authentication before processing. This second login confirms that the person requesting the withdrawal is the genuine account holder, reducing fraud risk.
We also track withdrawal verification windows. Once you log in and initiate a withdrawal, our system flags the transaction for manual review if it exceeds certain thresholds or originates from a new device or IP address. This review window typically involves confirming your identity through email or additional KYC checks. We prioritize account security over speed in these scenarios.
Your login history is accessible in your account settings — you can view every successful and failed login attempt, including timestamp, device type, and IP address. Review this regularly to spot unauthorized access attempts. If you notice a suspicious login, immediately change your password and enable two-factor authentication if not already active.