Home Login Contact Us

Multi-factor authentication (MFA)/2-step verification

  • Updated

Multi-factor authentication (MFA)/2-step verification is a process that requires two methods of verification to authenticate your identity, adding a layer of protection, because it makes it extremely difficult to compromise the security of a Bill.com account.

Jump to:

Set up MFA/2-step verification

When you create a Bill.com account, we request a phone number to use for MFA/2-step verification.

  1. Enter a mobile or landline phone number to receive security codes
  2. Select whether to send security code by text or phone call
  3. Select Send code
  4. Enter the security code you receive
  5. Select Trust this device for 30 days to reduce the need to enter a security code
  6. Select Submit

Set up a backup phone number

We recommend that you have a backup method for MFA/2-step verification in case you no longer have access to your primary phone number.

  1. Select Settings
  2. We're currently rolling out a fresh new look for our Settings page, so you may see one of 2 designs. Please follow the steps that match what your Settings page looks like.

    Select Security under You if your Settings page looks like this: Settings Page

    Select Security under User Settings if your Settings page looks like this:
    New User Settings

  3. Select Enter your backup phone
    • To edit the backup phone number, select Change Backup 2-Step Verification
  4. Select Next to send a security code on your primary phone number and authorize the change
  5. Enter the security code you receive
  6. Select Trust this device for 30 days to reduce the need to security and select Submit
  7. Enter your backup phone number
  8. Select whether to send security code by text or phone call and select Submit to receive a code on the backup phone number to confirm the change
  9. Enter the security code you receive and select Submit
  10. Select Finish

After you add a backup number, you'll be able to select either the primary or backup phone number each time we prompt you for a code.

Note: If you are planning on traveling internationally, add a backup phone number before you leave the United States. MFA/2-step verification may not be available outside the United States if your device won't receive calls or text messages while out of the country.

Use Google Authenticator as backup

You can also use Google Authenticator for your backup MFA/2-step verification method.

This feature isn't available on subscription-free basic accounts. Please upgrade your account to use it.

  1. Download the Google Authenticator app from your device's mobile store
  2. Open the app and select Begin
  3. Select Scan a barcode
  4. In Bill.com, select Settings > Security and select Add Backup 2-Step Verification
  5. Select Google Authenticator
  6. In the Google Authenticator app, scan the barcode in Bill.com
  7. Google Authenticator app will then generate the first code - enter that code in Bill.com
  8. Select Submit

Google Authenticator


Codes are regenerated every 30 seconds in Google Authenticator. You must enter the code and select submit in Bill.com before the 30 seconds is up. If you get an error when entering a code, wait for the next code to be generated and be sure to enter and select submit in Bill.com before the timer runs out.

Other ways to receive codes

If you don't have a mobile phone or landline to receive MFA/2-step verification codes, you can use these alternatives:

When you'll be prompted for a code

Bill.com will prompt you with a text or a voice message, requesting you to enter a code upon logging in to the system.

Checking the Trust this device for 30 days box when you enter a code will reduce the need of a code to every 30 days.

Note: Even on devices that you've marked as trusted, these actions also prompt MFA/2-step verification codes:

  • Changing your password
  • Changing your phone number(s)
  • Switching to a different browser
  • Changes to your browser:
    • Disabling browser cookies, using a cookie management extension or clearing browser data
    • Changing the browser supported language
    • Upgrading to a different version of the browser

Disable and enable MFA/2-step verification by role

To have more control over the security of your account, you can disable or enable MFA/2-step verification for certain user roles. MFA/2-step verification is enabled by default for all roles, and you cannot disable MFA/2-step verification for users with a role that requires MFA/2-step verification.

Default roles

User roles with limited permissions and limited risk no longer require MFA/2-step verification. The default user roles that require MFA/2-step verification are:

  • Admin
  • Accountant
  • Clerk
  • Payer

Custom roles

If you create a custom role, the permissions that require MFA/2-step verification if added to that custom role are:

  • Pay approved bills via Bill.com
  • Pay unassigned bills via Bill.com
  • Pay unapproved bills via Bill.com
  • Manage Vendors
  • Manage Customers
  • Manage Company Info
  • Manage Credit Cards
  • Manage Users
  • Manage Roles

This feature isn't available on subscription free basic accounts. Please upgrade your account to access additional features.

Enabling or Disabling 2-step verification

  1. Select Settings
  2. We're currently rolling out a fresh new look for our Settings page, so you may see one of 2 designs. Please follow the steps that match what your Settings page looks like.

    Select Roles under Permissions if your Settings page looks like this: Settings Page

    Select Roles under Roles & Permissions if your Settings page looks like this: New Settings Page
    Select Roles
  3. Select Yes to enable or No to disable under 2-step verification
    • Roles that require MFA/2-step verification won't have a toggle, you'll see Required for this role instead. MFA/2-step verification cannot be disabled for these roles.

2FV by role

Change your MFA/2-step verification phone numbers

You can change your primary or backup phone number for MFA/2-step verification in your Bill.com account. You'll need access to the current phone number in order to receive a code to authorize the change.

If you no longer have access to your primary or backup phone numbers, submit a request to reset your access using the 2-step Verification Access Request form.

Each user must follow the steps below to change their own phone numbers. You cannot change the phone number for another user.

Changing your primary or backup phone number:

  1. Select Settings
  2. We're currently rolling out a fresh new look for our Settings page, so you may see one of 2 designs. Please follow the steps that match what your Settings page looks like.

    Select Security under You if your Settings page looks like this: Settings Page

    Select Security under User Settings if your Settings page looks like this: New Settings Page
  3. Select Change Primary 2-Step Verification or Change Backup 2-Step Verification

Change primary MFA

  1. Select Yes to confirm that you wish to delete and add a new MFA method (phone number)
  2. Select phone number from dropdown to receive code to authorize the change
    • If you don’t see your phone number, select Contact Us at the top of this page for assistance
  3. Select whether to send security code by text or phone call
  4. Select Send code
  5. Enter the security code you receive
    • If you need to resend a code, select Send a new code
  6. Select Submit
  7. Enter the new phone number
  8. Select whether to send security code by text or phone call
  9. Select Send code
  10. Enter the security code you receive
    • If you need to resend a code, select re-send code
  11. Select Submit to save your new primary or backup phone number for MFA

Troubleshooting MFA/2-step verification

If you aren't receiving your MFA/2-step verification codes

  • Always use a direct line. Codes cannot be routed through an extension
  • You may need to restart your device
  • If your phone is unable to receive codes, please try using the alternate options
  • If you received the error message "We can no longer send a code - You‘ve reached the maximum attempts for sending a code to one of your devices," the code has been sent three (3) times, which is the maximum per session. Please log out of your account and then log in again to request a new code.
  • If you no longer have access to your primary or backup phone numbers, submit a request to reset your access using the 2-step Verification Access Request form.
  • Customer Support can check to see if the codes are being sent. Select Contact Us at the top of this page if the suggestions above don't help.

If you are being prompted for MFA/2-step verification codes often, after selecting to trust your device for 30 days

  1. Save our domain (Bill.com) as a trusted website on any site blockers or ad blockers
    • Examples of some site/ad blockers:
      • AdBlock Plus
      • Freedom
      • StayFocused
      • Limit
      • Poper blocker
      • PrivacyBadger
  2. Remove all trusted devices listed under your user profile
    1. Select Settings
    2. Select Security under You
    3. Select Remove next to each device listed under Trusted Devices
  3. Sign out of Bill.com
  4. When you sign in again, we'll prompt an MFA/2-step verification code. Enter the code you receive and select Trust this device for 30 days.

What to do if you can't login or if you no longer have access to the phone number

If you are having trouble logging into Bill.com, please see the Trouble logging in to Bill.com article for helpful tips.

If you can't login because you don't have access to your primary or backup phone numbers to receive codes, select Having trouble? for additional options, including the option to add a new number.

Note: these steps are for non-console accounts. If you have an accountant's console, please submit a request to reset your access using the 2-step Verification Access Request form.

MFA - Having trouble

To add a new phone number:

  1. Select the option to add a new number

MFA - New number

  1. Add the new phone number
  2. Select text or phone call
  3. Select Save

MFA - New number

If the number you enter is accepted, you'll be able to login as normal. If you're unable to add a new number, submit a request to reset your access using the 2-step Verification Access Request form.

Things to know

  • It's best practice to not share phone numbers or use another person's phone number for MFA/2-step verification
  • Select Trust this device for 30 days to reduce the number of MFA/2-step verification code prompts
    • Don't select the Trust this device for 30 days box when working on someone else's computer or logging in from a public location (like a library computer)
  • As a backup, be sure to set up a secondary phone number or use Google Authenticator, to make sure you can receive the code to complete this 2 step-verification process.

Related articles

PRODUCT

Accounts Payable

Accounts Receivable

Credit & Expense Management

ACH

International Payments

Pay By Card

Network Payments

INTEGRATIONS

QuickBooks

Sage Intacct

Oracle NetSuite

Microsoft Dynamics

Xero

Other Integrations

PRICING

For Businesses

For Accounting Firms

SOLUTIONS

Small Businesses

Midsize Companies

Hospitality

Nonprofits

Professional Services

Software and Technology

PARTNERS

Accounting Firms

Wealth Management

Banks

VAR Program

Accountant Referral Program

Affiliate Program

RESOURCES

Resource Center

Accountant Resource Center

Events & Webinars

Customer Stories

Blog

FAQS

Learning Center

Compare

Security

Developers

App Marketplace

Product Demo

Product Tour

Sitemap

COMPANY

Our Story

Leadership

Investors

Press Releases

Newsroom

Press Kit

Refer a Business

Careers

Contact Us

Support

CONNECT

Legal

Privacy Policy

Acceptable Use Policy

Cookie Policy

Terms of Service

Bill.com Network Rules

Accessibility Statement

© 2022 Bill.com, LLC. Bill.com, the Bill.com logo, and the “b” logo are trademarks of Bill.com, LLC. All other company names and brands are the property of their respective owners.