Multi-Factor Authentication adds an additional layer of security to a Bill.com account by requiring not only a username and password to log in, but also a personal device which makes it extremely difficult for someone to break into a Bill.com account.
Users will be prompted, within the account, to enter a cell or work phone number. If MFA has not been set up before, this page will be presented when logging in:
- Click Next.
- Enter the phone number
- Choose how to receive security codes
- Via text
- Via voice
- Click Submit
Finally, a test code will be sent using the delivery option selected to ensure the phone number was entered correctly.
From time to time, when performing certain actions within the Bill.com account, prompts to enter a code will be sent to the phone number entered. To perform this security check less frequently, select the box to "trust" this computer. Do NOT select this box if working on someone else's computer, or from a public location (like a library computer).
Note: We are currently phasing in MFA at login, which means users in some accounts will get prompted for an MFA code immediately after logging in. These users will not get prompted for an MFA code again during their session, unless they change their phone number, change their backup phone number, or change their password.
Benefits of MFA
Your Bill.com account is very powerful and can move money to and from the vendor and customer lists in your account. Should someone obtain the login credentials of those users on your account who have the power to change vendor and customer information, add bank accounts or make payments, you want to know that they will not be able to "do damage" by transferring your money to or from accounts. This feature helps to ensure that only the users you named on the account, with access to the phones listed during the setup process, will be able to complete actions such as these.
We've tried to implement this in such a way that it will not be a burden for you and the other users of your Bill.com account; we know most of our customers log in to Bill.com every day and don't want extra steps in their daily process. We strived to balance ease of access with the need for strong security designed to keep the bad guys from accessing your account.
Things to know
- It is best practice to not share numbers or use another person’s phone number for MFA
- For devices that have been marked as a trusted, the following conditions can still trigger MFA:
- Switching to a different browser
- Disabling browser cookies, using a cookie management extension or clearing browser data
- Changing the browser supported language, ie: adding a new language
- Upgrading to a different version of the browser
- Approver users do not need to set up MFA
- Have an international phone number? Learn more here