Multi-factor authentication (MFA) is a security process that requires more than one method of authentication from independent credentials to verify the user’s identity. At Bill.com, MFA was implemented with a "light touch." The design is unique to Bill.com, securing access to Bill.com accounts by both login credentials and phone verification codes.
Primary phone number
As a part of the setup process, users will be asked to enter a phone number. This phone number should be one that you have access to when you will be logged in to Bill.com. It needs to be a direct line to a live person. The call cannot be routed through an automated phone routing service.
Once MFA is enabled, users will be prompted with a text or a voice message to enter a code sensitive information is viewed and used. For many users, the frequency of MFA prompts can be reduced by checking the "Trust this computer" box when the code is entered.
Backup phone number
We strongly recommend that you also add a secondary phone number to the MFA security setup. This will allow you to maintain secure access to the Bill.com account if the primary phone is unavailable.
Things to know
Your Bill.com account is very powerful. It can move money to and from the vendors and customers in your account. Should someone obtain the login credentials of any of users on your account, you want to know that they won't be able to "do damage" by transferring your money to or from accounts where it doesn't belong. The MFA feature helps to ensure that only the users with verified access through the MFA phone numbers will be able to complete actions such as these.
We've tried to implement MFA in such a way that it is not a burden for you and the other users on the Bill.com account. We know most of our customers log in to Bill.com every day and don't want extra steps in their daily process. We strived to balance ease of access with the need for strong security designed to keep the bad guys from accessing your account.