Online gambling laws aim to ensure that gaming is conducted honestly, competitively, and without fraudulent practices. In this regard, the major iGaming regulatory authorities always recommended online gambling platforms enable two-factor authentication for their end-users. Moreover, in January 2022, the use of two-factor authentication in iGaming has become mandatory. The Divisions of Gaming Enforcement (DGE), including the NJ DGE, Delaware DGE, and Nevada Gaming Control Board, oblige iGaming platforms to enable two-factor authentication for their users. According to the DGE Cyber Security Best Practices, this step is necessary to reduce the risks of identity fraud, payment fraud, and charge back cases in iGaming since more and more online gambling websites experience hacking through fraudulent account access. Protectimus two-factor authentication solution and OTP tokens are easy to integrate with any iGaming software using API, SDK, or an integration plugin. You can protect both the in-house infrastructure of your iGaming business and the end-users accounts with one MFA setup. Two-Factor Authentication Solutions for iGaming Platforms Below we explain how two-factor authentication works and what online risks it prevents and describe all the nuances you need to consider before implementing two-factor authentication to secure your online gaming platform and users. Table of contents How two-factor authentication worksWhy two-factor authentication is mandatory in online gamblingHow to add two-factor authentication into your online gaming platformBest practices for implementing 2-factor authentication in iGaming How two-factor authentication works In a nutshell, two-factor authentication is a process that allows the users to prove that they are who they claim to be by presenting two different authentication factors.  There are three possible types of authentication factors: something the user knows – usually a password;something the user has – usually a one-time code from the OTP token;something the user is – usually a fingerprint or face ID. Typically, a combination of a password (something the user knows) and a one-time code from the auth token or phone (something the user has) is used for 2-factor authentication. Protectimus allows delivering one-time codes via chat-bots in Messenger or Telegram, SMS, email. Also, the two-factor authentication apps and hardware authentication tokens are available. Read more about different two-factor authentication methods here. Two-factor authentication is used in online gaming security to prevent phishing, social engineering, man-in-the-middle, and brute-force attacks. Even if a fraudster manages to get a user’s password, there is no sense in using it, as the user’s account remains protected with the one-time code valid for 30 seconds.  To check one-time passwords, a two-factor authentication server is used, which is integrated with the iGaming solution. The scheme of interaction between the authentication server and OTP tokens is presented below. Why two-factor authentication is mandatory in online gambling Since the popularity of online games began to skyrocket, attackers have focused their efforts on hacking poorly protected online gaming accounts. Credentials stuffing attacks, phishing, brute force, keyloggers, and social engineering are used to get fraudulent access to the gamers’ accounts and then use them for different malevolent activities that vary from payment fraud and identity fraud to money laundering. Online gambling websites collect a lot of personal information from their players to verify their identity remotely. Unfortunately, this is precisely the kind of information needed for identity theft. There isn’t much difference between establishing your identity through the Internet for gambling purposes and establishing your identity as part of a scam. Protecting all of this personal information is a prime consideration for iGaming websites because a release of personal information on a large scale could result in catastrophic losses for the business as well as legal issues if the online gambling website operates in a regime where breaches of personal information must be...