Sign in

Bill.com Multi-Factor Authentication (MFA)

Multi-Factor Authentication adds an additional layer of security to a Bill.com account by requiring not only a username and password to log in, but also a personal device which makes it extremely difficult for someone to break into a Bill.com account.

Users will be prompted, within the account, to enter a cell or work phone number. If MFA has not been set up before, this page will be presented when logging in:

  1. Click Next.
  2. Enter the phone number
  3. Choose how to receive security codes
    • Via text
    • Via voice
  4. Click Submit

Finally, a test code will be sent using the delivery option selected to ensure the phone number was entered correctly.

From time to time, when performing certain actions within the Bill.com account, prompts to enter a code will be sent to the phone number entered. To perform this security check less frequently, select the box to "trust" this computer. Do NOT select this box if working on someone else's computer, or from a public location (like a library computer).

 

Benefits of MFA

Your Bill.com account is very powerful and can move money to and from the vendor and customer lists in your account. Should someone obtain the login credentials of those users on your account who have the power to change vendor and customer information, add bank accounts or make payments, you want to know that they will not be able to "do damage" by transferring your money to or from accounts. This feature helps to ensure that only the users you named on the account, with access to the phones listed during the setup process, will be able to complete actions such as these.
We've tried to implement this in such a way that it will not be a burden for you and the other users of your Bill.com account; we know most of our customers log in to Bill.com every day and don't want extra steps in their daily process. We strived to balance ease of access with the need for strong security designed to keep the bad guys from accessing your account.

 

Things to know

  • For devices that have been marked as a trusted, the following conditions can still trigger MFA:
    • Switching to a different browser
    • Disabling browser cookies, using a cookie management extension or clearing browser data
    • Changing the browser supported language, ie: adding a new language
    • Upgrading to a different version of the browser
  • Approver users do not need to set up MFA

 

Resources