Multi-Factor Authentication adds an additional layer of security to a Bill.com account by requiring not only a username and password to log in, but also a personal device which makes it extremely difficult for someone to break into a Bill.com account.
Users will be prompted, within the account, to enter a cell or work phone number. If MFA has not been set up before, this page will be presented when logging in:
- Click Next.
- Enter the phone number
- Choose how to receive security codes
- Via text
- Via voice
- Click Submit
Finally, a test code will be sent using the delivery option selected to ensure the phone number was entered correctly.
You will be prompted for MFA codes when logging in, as well as performing the following tasks:
- Changing your password
- Resetting a forgotten password
- adding a backup phone number
- Changing your primary or backup phone number
If you'd like us to perform this security check less frequently, select the box to "trust" your computer, and a code will not be required when logging in, for 30 days, unless you're using a different machine, device, or you clear cookies on a trusted device. Please note that security codes expire after five minutes. The requirement for MFA codes cannot be removed completely.
TIP: Do NOT select this box if you're working on someone else's computer, or from a public location (like a library computer, coffee shop or anywhere with free public wifi).
Benefits of MFA
Your Bill.com account is very powerful and can move money to and from the vendor and customer lists in your account. Should someone obtain the login credentials of those users on your account who have the power to change vendor and customer information, add bank accounts or make payments, you want to know that they will not be able to "do damage" by transferring your money to or from accounts. This feature helps to ensure that only the users you named on the account, with access to the phones listed during the setup process, will be able to complete actions such as these.
We've tried to implement this in such a way that it will not be a burden for you and the other users of your Bill.com account; we know most of our customers log in to Bill.com every day and don't want extra steps in their daily process. We strived to balance ease of access with the need for strong security designed to keep the bad guys from accessing your account.
Things to know
- It is best practice to not share numbers or use another person’s phone number for MFA
- For devices that have been marked as a trusted, the following conditions can still trigger MFA:
- Switching to a different browser
- Disabling browser cookies, using a cookie management extension or clearing browser data
- Changing the browser supported language, ie: adding a new language
- Upgrading to a different version of the browser
- Approver users do not need to set up MFA, but Admin users can request that MFA be enabled for Approvers if desired, through Customer Support
- Have an international phone number? Learn more here