Richard
Login Register

Sign In to Richard Casino — and What to Do When the Door Sticks

Logging in should take five seconds. When it does not, the cause is almost always one of three things — and one of those three is on us, not you. This page walks through the clean path, then opens the bonnet on the failure modes Aussie punters actually report. Bookmark it for the next time the lobby refuses to let you back in.

The 5-Second Path

  1. Open richardcasino.com on the device where you registered. Mobile or desktop is fine; the cashier resyncs across both.
  2. Tap "Login" in the top-right.
  3. Email + password. If the password manager fills both, hit submit.
  4. If 2FA is on (we recommend it; not enforced for accounts opened before 2025-07), enter the 6-digit TOTP code from your authenticator app.
  5. You land on the lobby with your AUD balance restored.

If the path failed at any step above, the rest of this page is the troubleshooting tree.

Three Reasons Login Actually Fails

1. Cause On Your End: a VPN/DNS/Cookie Combination

This is the most common one. A VPN sets your apparent IP to somewhere outside AU, our geo-fence trips, and the request bounces with a generic "session not found" error. Or — separately — your browser is configured to block third-party cookies, the CSRF token cannot be set, and submit returns a silent failure that looks like a wrong password. Or — third variant — your DNS has cached a stale CNAME after we last rotated infrastructure, and the request is hitting a stale edge node that no longer holds your session ring.

Fix sequence:

  1. Drop the VPN. Try a fresh tab. If login works, you have the answer — keep the VPN off for casino sessions.
  2. Check cookies. In Chrome: Settings → Privacy → Third-party cookies → ensure richardcasino.com is allowed. Strict ETP in Firefox can also be the culprit; switch the site to Standard for a test.
  3. Flush DNS. ipconfig /flushdns on Windows, sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder on macOS. On phones, toggle airplane mode for 10 seconds.

If steps 1–3 do not solve it, move to "On Our End" below.

2. Cause On Our End: a Brief Geo-IP Hiccup at State Borders

Honest disclosure: punters travelling close to NSW/QLD or VIC/SA border points sometimes hop carrier towers and surface with an IP that geolocates outside AU for a minute or two. Our session validation re-checks geo on critical actions — a logout-style 401 can fire even though the account itself is healthy. The fix is to wait 60 seconds, refresh, and try again. We are working on a wider tolerance; the current behaviour is conservative on purpose because the same geo-spoof signature is used by jurisdiction-bypass attempts.

3. Cause On Our End: an Active KYC Hold

If you tried a withdrawal of A$2,000 or more and KYC has not yet cleared, the cashier will accept your login but freeze the lobby with a "verification pending" banner. That is not a login failure even though it feels like one — it is intentional friction during the review. KYC review window: 12–48 hours for clean documents, longer during peak weekends. Track status in account → Verification.

Password Recovery — One Email, Five Minutes

From the login screen, tap "Forgot password". Enter the registered email. We send a single-use link valid for 30 minutes. The link forces a new password that is not the same as the previous five — saves people from typing the old one in muscle-memory and getting locked again.

If the email never lands: check spam, then check the Gmail Promotions tab, then write to support from the same registered address with subject "Reset link missing". We can manually trigger one resend per 24 hours.

Two-Factor Authentication (TOTP)

Strongly recommended. Account → Security → Two-factor authentication → Enable. Scan the QR with Google Authenticator, Authy, 1Password, or any TOTP-standard app. The next login asks for the 6-digit code in addition to email + password.

Backup codes: at activation, we show ten one-shot codes. Save them somewhere a fire would not reach — a 1Password vault works. Without backup codes, losing your authenticator app means a manual support unlock that takes 24–48 hours plus a fresh KYC step.

SMS-based 2FA is offered but discouraged. SIM-swap fraud against AU mobile numbers has measurably risen in the past three years; an authenticator app is a five-second extra step that closes off the attack class entirely.

KYC — Document Checklist for AU Players

Required before the first withdrawal of A$2,000 or more, or earlier if a fraud signal triggers. Have these ready when you start the upload to avoid the 24-hour back-and-forth that comes from missing or blurry shots.

  • Photo ID, both sides: AU drivers' licence (preferred — back side carries the card number we cross-check), or AU passport bio page, or Medicare card with a green or yellow band. Plate-edge ID like a 18+ Card is fine if it carries DOB and photo.
  • Proof of address < 90 days old: a bank statement, an electricity/gas/water utility bill, an Australia Post mail-redirect notice, or a council rates notice. Mobile phone bills are accepted; internet bills with a residential address are accepted.
  • Proof of payment ownership: a card selfie covering the middle 8 digits and CVV but showing first 6 + last 4 + your name; or a bank-statement excerpt showing the BSB + last 3 digits + your name; or a screenshot of the e-wallet account holder name.
  • Optional source of funds (for high-value accounts): recent payslip, ATO notice of assessment, super rollover statement, or contract of sale on a property settlement. Only requested above certain thresholds; we will tell you if it applies.

Tips that save days:

  • Do not crop the licence — full card on a flat dark background. Glare on hologram is the #1 reason a doc gets bounced.
  • Names must match across all three documents. If you have changed name recently, send the AU change-of-name certificate or marriage certificate as a fourth doc.
  • PDFs are accepted alongside JPG/PNG — use the bank's "download statement" rather than a phone-camera screenshot when you have the option.

Account Lockout — What Triggers It and How It Lifts

Five failed login attempts inside 15 minutes locks the account for 30 minutes — auto-lifts. Twenty failed attempts inside an hour locks for 24 hours and triggers an email to the registered address; reply to that email if it was you. Outside those rate limits, an account can be locked manually if our anti-fraud system sees a credential-stuffing pattern across many users — that lift requires a quick chat with support and almost always clears inside the same business day.

Multiple Devices and Concurrent Sessions

You can be logged in on phone and desktop at the same time; they share the cashier ledger and updates flow live. What you cannot do is be logged in from two countries simultaneously — the second device's session terminates the first with a notification on screen. This is anti-account-sharing, not anti-traveller. If you fly from Sydney to Singapore for work, the lobby will let you in once the geo settles, but the AU-bound session ends.

Mobile App Login Specifics

Android APK and iOS PWA both store a session token in local storage rather than as a cookie. Biometric unlock (face/fingerprint) is offered after the first successful password login as a convenience layer — it does not replace 2FA, it just shortcuts re-typing the password on subsequent opens. Clearing the app's storage logs you out cleanly; uninstalling does the same.

What We Do When Something Looks Off

Risk-based step-up authentication. If a login arrives from a fresh device, fresh IP, with a deposit attempt inside two minutes, we will email a one-time challenge to your registered address before letting the deposit through. The challenge expires in 10 minutes. This adds friction, yes — and friction has to live somewhere in a casino account, otherwise the friction lives on a stranger's bank statement instead.

Forgot the Email Address Itself

Rare, but it happens — punters who used a long-dead Hotmail address two years ago and want their balance back. Email [email protected] from any address with: full legal name, date of birth, AU mobile number on file, last four digits of the funding card if applicable, and an approximate date of last login. We will run a manual lookup and respond within 48 hours, gated on a fresh KYC photo to prove the live person matches the dormant account.

Closing or Pausing — Different Doors, Both Easy

If you are reading this page because you cannot log in but you also do not want to right now, the right path is to email support and ask for a 7-day cooling-off rather than guessing the password ten more times. Cooling-off blocks login for the period chosen, with no contact during; it auto-lifts at the end. Closing the account is a separate one-way action and is processed within 48 hours after any cleared balance is paid out.

Login Logs You Can Pull Yourself

Account → Security → Activity Log shows every successful and failed login attempt for the last 90 days, with timestamp, device fingerprint hash, and approximate IP geolocation (city level, not street level). It is the single best tool for spotting an unauthorised access — if you see a login from a city you have never been to, change the password immediately and email support. We will then run a deeper audit and roll any session tokens. Punters routinely catch shared-password leakage this way before any AU$ moves out of the account.

Cookies, Sessions and Why "Just Use Incognito" Backfires

Private/Incognito browsing kills cookies on tab close. That sounds private but for a casino session it means every login is treated as a fresh device — triggering the step-up authentication challenge by email each time, plus a re-acceptance of the cookie banner on every visit. The pattern looks suspiciously like an attacker rotating sessions, and our anti-fraud will eventually rate-limit it. If privacy is the goal, the better path is a normal browser profile with strict third-party cookie controls — first-party cookies stay, the casino works, and your tracking exposure is genuinely minimised.

Browser Versions That Have Caused Real Issues

A quick honest list of edge cases we have seen recently. Stale browsers cause more login failures than any bug on our side:

  • Chrome below version 110 — TLS 1.3 cipher mismatch on some Aussie corporate networks. Update the browser.
  • Safari 14 on macOS Big Sur — IndexedDB quirks corrupt the consent record; banner reappears every visit. Either update macOS or use Firefox/Chrome.
  • Samsung Internet 19 and earlier — service-worker handling broke our PWA fallback for a few weeks. Resolved in v20+, but if you have an older Samsung phone that no longer receives updates, switch to Chrome.
  • Edge with Tracking Prevention set to "Strict" — blocks our anti-fraud sub-domain and login silently fails. Set to "Balanced" for the casino tab.

None of these issues are on our side, but they all manifest as "I can't log in" tickets, so they are worth flagging here.

If You Share a Device With Family

Aussie households where the desktop computer lives in the kitchen and everyone uses it occasionally is more common than the privacy literature assumes. Practical advice: do not save the casino password in a shared browser profile. Use the browser's separate-profile feature (Chrome and Edge both support it cleanly) so your casino login is in your profile and the rest of the family stays in theirs. Sign out at the end of each session — there is a "Sign out everywhere" button under Account → Security that revokes every session token across all your devices in a single click, useful if you suspect a family member used your profile.

The Honest Take

Most "I can't log in" tickets close as user-side cookie or VPN issues; a smaller share are KYC-pending mistaken for login failure; the rest are border-IP geo-checks that resolve themselves in a minute. Try the three steps under "On Your End" first, give the geo a minute, then write to support — and never reset your password three times in five minutes. The system reads that as compromise behaviour and locks the account for 24 hours, which is the worst possible outcome for a punter who simply mistyped.