Multi-factor authentication (MFA) is a security process that requires more than one method of authentication from independent credentials to verify the user’s identity.

Multi-Factor Authentication adds an additional layer of security to a Bill.com account by requiring not only a username and password to log in, but also an additional code sent to a phone. This makes it extremely difficult to break into a Bill.com account.

Setup MFA

MFA setup is part of account enrollment. When prompted:

1. Enter a cell or work phone number to receive security codes when needed.
2. Choose the default method to receive codes by
   • Via text
   • Via Phone Call
3. Click Send code
4. Enter the code sent to the phone number provided
5. Click Submit
   

Setting up a backup number

1. Click Settings
2. Click Security under You
3. Click Enter your backup phone
   • To edit the backup number, hover over Details and click Security
4. Click Next to receive a security code on your primary number
5. Enter the security code
6. Select Trust This Computer to require a security code less often
   • Name the device if choosing to trust it
7. Click Submit
8. Enter the backup number
9. Select the default method to receive security codes
10. Click Submit
11. Enter the security code to verify the number
12. Click Submit
13. Click Finish

When MFA is triggered

You will be prompted with a text or a voice message to enter a code upon logging in to Bill.com, when changing your password, or when changing your phone number(s).

Checking the "Trust this computer" box when you enter a code will reduce the need of a code to every 30 days, except when changing your password or phone number(s).

Things to know

• It is best practice to not share numbers or use another person's phone number for MFA
• The number of times Send a new code will trigger a new code is 3, on the 4th attempt we will show some tips about how to ensure receiving the code successfully
  • Log out and back in to reset the MFA process
• To perform the security check less frequently, select the box to "trust" this computer
  • Do not select the "trust this computer" box when working on someone else's computer or logging in from a public location (like a library computer)
• For devices that have been marked as a trusted, the following conditions can still trigger MFA:
  • Changing your password
  • Changing your phone number(s)
  • Switching to a different browser
  • Disabling browser cookies, using a cookie management extension or clearing browser data
  • Changing the browser supported language, ie: adding a new language
  • Upgrading to a different version of the browser
• Approver users do not need to set up MFA unless an admin has requested that approvers have MFA enabled, but Approvers will be prompted for a phone number, and sent a code, when resetting their password