Security
Technical security measures protecting the 1xBet app and your account.
Last updated: January 22, 2026
Security Overview
| Layer | Protection | Standard |
|---|---|---|
| Network | TLS encryption | TLS 1.3 |
| Data at Rest | AES encryption | AES-256 |
| Authentication | Multi-factor | TOTP, Biometrics |
| Passwords | Secure hashing | bcrypt/Argon2 |
| Sessions | JWT tokens | Short expiry, refresh |
Transport Security
Encryption in Transit
- TLS 1.3: Latest encryption protocol for all connections
- Certificate pinning: Prevents man-in-the-middle attacks
- Perfect forward secrecy: Past communications remain secure even if a long-term key is later compromised
- Strong cipher suites: Only modern, secure algorithms
API Security
- HTTPS enforced for all endpoints
- Request signing for sensitive operations
- Rate limiting to prevent abuse
- Input validation and sanitization
Data Security
Encryption at Rest
| Data Type | Encryption | Key Management |
|---|---|---|
| Credentials | AES-256 + Hardware | Keychain/Keystore |
| Session tokens | AES-256 | Secure storage |
| User data | AES-256 | Encrypted database |
| Payment info | Tokenized + AES-256 | PCI DSS compliant |
Local Storage (Mobile)
- iOS: Keychain for credentials, encrypted Core Data
- Android: Keystore for keys, EncryptedSharedPreferences
- Biometric protection: Keys tied to fingerprint/face
Authentication Security
Password Security
- Hashing: bcrypt/Argon2 with unique salts
- Requirements: Minimum 8 characters, complexity enforced
- Breach checking: Passwords checked against known leaks
- Failed attempts: Account lockout after 5 failures
Two-Factor Authentication (2FA)
| Method | Security Level | Availability |
|---|---|---|
| Authenticator App | 🟢 High | Recommended |
| SMS Code | 🟡 Medium | Available |
| Email Code | 🟡 Medium | Available |
| Biometrics | 🟢 High | Device dependent |
Session Management
- JWT tokens: Short-lived access tokens (15-30 min)
- Refresh tokens: Secure rotation mechanism
- Device binding: Sessions tied to device fingerprint
- Concurrent sessions: Visible in account settings
- Remote logout: Terminate sessions from any device
Application Security
Code Protection
- Obfuscation: Code protection against reverse engineering
- Integrity checks: Detect tampering or modification
- Root/Jailbreak detection: Additional security on compromised devices
- Debug detection: Prevents debugging attacks
Secure Development
- OWASP guidelines followed
- Regular code security audits
- Automated vulnerability scanning
- Penetration testing (annual)
- Bug bounty program
Infrastructure Security
- DDoS protection: Cloudflare/AWS Shield
- WAF: Web Application Firewall
- IDS/IPS: Intrusion detection and prevention
- Network segmentation: Isolated services
- Access controls: Role-based, least privilege
- Audit logging: All access recorded
- 24/7 monitoring: Security operations center
Payment Security
- PCI DSS compliant: Payment card industry standards
- Card tokenization: Full card numbers never stored
- 3D Secure: Additional verification for cards
- Fraud detection: Real-time transaction monitoring
- Withdrawal verification: Identity checks for large amounts
Security Recommendations
What You Should Do
- Enable 2FA (preferably authenticator app)
- Use a unique, strong password
- Enable biometric login
- Keep app updated
- Review active sessions regularly
- Download only from official sources
What to Avoid
- Sharing your password
- Using public WiFi without VPN
- Saving passwords in browsers
- Clicking suspicious links
- Using rooted/jailbroken devices
- Installing apps from unknown sources
Security Incidents
If You Suspect Unauthorized Access
- Change password immediately
- Terminate all sessions (Account Settings → Security)
- Enable 2FA if not already active
- Check transaction history for suspicious activity
- Contact support if unauthorized transactions found
Reporting Security Issues
Found a security vulnerability? Report it responsibly:
- Contact security team via support
- Provide detailed description
- Don't exploit or share publicly
- Bug bounty rewards available
Common Questions
Is my password stored securely?
Yes. We never store plain text passwords. Passwords are hashed using bcrypt or Argon2 with unique salts, making them virtually impossible to reverse.
Can 1xBet staff see my password?
No. Due to hashing, nobody can see your password, not even us. If you forget it, you must reset it. We cannot retrieve it.
What if my phone is stolen?
Use another device to log in and terminate all sessions. Change your password. If biometrics were enabled, the thief still needs your face/fingerprint to access the app.
Is the app safe on rooted/jailbroken devices?
We don't recommend it. Root/jailbreak bypasses security measures. The app may still work but with reduced security. Some features may be disabled.