How Quick Login Works
Quick Login stores a secure session token on your device after you authenticate once with your email and password. The next time you open bmx4d, our system recognizes your device token and skips the full authentication flow, taking you directly to your account. This is not password storage—we never keep your password on the device. Instead, we verify the session token against our backend, confirm it matches your account, and validate that the device location and fingerprint match your previous login patterns.
When you first visit bmx4d, you enter your email and password. Our system compares these credentials against our encrypted database. If they match, we generate a session token (a long string of cryptographic characters) and send it to your device via a secure, encrypted channel. Your browser or app stores this token locally. On your next visit, the token is sent back to our server automatically. We verify its validity and signature. If valid, you are logged in. If the token has expired (typically after 30 days of inactivity) or the device fingerprint no longer matches, we ask you to re-authenticate with your password.
Quick Login is enabled by default on bmx4d after your first successful authentication. You do not need to activate it manually. However, you control whether a device is trusted. After logging in with your password, a prompt asks if you want to trust this device. If you click Trust, future logins from that device will use Quick Login. If you click No, you will enter your password every time—this is ideal for shared or public computers.
Setting Up Quick Login and Device Management
To use Quick Login, ensure you are on a device you own and control. Open bmx4d.app or the bmx4d app on your phone. Enter your email address and password. After successful authentication, our system asks: "Trust this device?" If yes, we store the session token and you are logged in. Next time you open bmx4d from the same device, the token is recognized and you bypass the password step, going straight to your dashboard. Your available games, account balance, and promotions appear immediately.
You manage trusted devices in your Account Settings under the Security tab. Here you see a list of all devices currently holding valid session tokens: their device names (e.g., "Chrome on Windows Desktop"), last login timestamp, and approximate location. You can revoke any device instantly by clicking Remove. This is useful if you forget a tablet in a coffee shop or retire an old phone—revoking the device token invalidates all Quick Login attempts from that hardware.
- Session token
- A cryptographic credential stored on your device that proves your identity without re-entering your password.
- Device fingerprint
- A unique identifier generated from your device's hardware and browser properties to detect unauthorized device changes.
- Token expiry
- Session tokens expire after 30 days of no activity, requiring you to re-authenticate with your password.
- Revoke device
- Permanently invalidate a device token from your Account Settings, blocking all future Quick Login attempts from that device.
Two-Factor Authentication and Quick Login
We recommend enabling two-factor authentication (2FA) on your bmx4d account, especially if you use Quick Login. When 2FA is active, even trusted devices require an additional verification code during login. This code is sent to your registered phone number via SMS or generated by an authenticator app (Google Authenticator, Authy). Quick Login still works—your session token grants you initial access—but before you can view your balance or place game entries, you must enter the 2FA code.
Setting up 2FA takes two minutes. Open Account Settings, select Security, and click Enable Two-Factor Authentication. Choose between SMS (code sent via text) or app-based (code generated in an authenticator app). We recommend app-based 2FA because SMS can be intercepted in rare cases. Once enabled, every login—whether Quick Login or full password entry—requires your 2FA code. If you lose access to your 2FA device (phone or authenticator), contact our support team with your account email and a government ID. We can reset 2FA after verifying your identity.
Accessing Games and Promotions After Quick Login
Once Quick Login completes and you are authenticated (with or without 2FA code), your dashboard loads immediately. You see your account balance, available games, and active promotions. Your welcome offer, if still eligible, appears in the Promotions tab. Weekly cashback is tracked in real time—your current week's activity and projected cashback percentage are visible. Referral bonuses and tier-progression status are displayed in separate tabs.
Quick Login does not affect promotion eligibility. Your welcome offer was activated when you first deposited, regardless of how you log in. Your weekly cashback still accumulates every week you deposit or play games via any payment method (DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet). If you have referred friends, the referral status is tracked independently of your login method.
Mobile and Desktop Login Flows
On a mobile phone (iOS or Android), opening the bmx4d app triggers Quick Login if a valid session token exists. The app checks the token against our backend, confirms the device fingerprint, and loads your account. On desktop browsers (Chrome, Firefox, Safari, Edge), the process is identical: we check for a stored token, verify its signature, and display your dashboard. The only difference is the user interface layout—mobile presents a stacked, single-column layout; desktop shows a wider layout with side panels.
If you log in from a new device (a friend's phone, a public computer, a newly purchased tablet), Quick Login is not available because no token exists. You enter your full email and password. After successful authentication and (if enabled) 2FA, you are asked whether to trust the device. If you select Trust, a token is created and stored. If you select No, you remain logged in for that session but Quick Login will not work on your next visit to that device—you will need to re-enter your password.
Password Recovery and Account Reset
If you forget your password, click the "Forgot password?" link on the login screen. Enter your registered email address. We send a password-reset link to that email—the link expires after one hour for security. Click the link, create a new password (minimum 12 characters, mixed case, numbers, and symbols recommended), and confirm. Your new password is encrypted and stored. Once reset, your old session tokens are invalidated automatically, so any previously trusted devices will require re-authentication on next login.
This reset mechanism protects you if your email is compromised. An attacker who gains access to your password-reset email link can change your bmx4d password and potentially lock you out. To prevent this, we recommend using a strong, unique password on your email account and enabling 2FA on your email provider as well. If you suspect your account has been compromised (unauthorized transactions, login attempts from unfamiliar locations), reset your password immediately and contact our support team to review your account activity.