Bill.com Multi-Factor Authentication (MFA)

Multi-Factor Authentication adds an additional layer of security to a Bill.com account by requiring not only a username and password to log in, but also a personal device. This makes it extremely difficult to break into a Bill.com account.

Setup MFA

MFA setup is part of account enrollment. When prompted:

  1. Enter a cell or work phone number to receive security codes when needed. Set up additonal security
  2. Choose the default method to receive codes by
    • Via text
    • Via Phone Call
  3. Click Send code
  4. Enter the code sent to the phone number provided
  5. Click Submit
    Enter phone number

Setting up a backup number

  1. Click the gear icon
  2. Click Profile under You
  3. Click Enter your backup phone
    • To edit the backup number, hover over Details and click Security
  4. Click Next to receive a security code on your primary number
  5. Enter the sercurity code
  6. Select Trust This Computer to require a security code less often
    • Name the device if choosing to trust it
  7. Click Submit
  8. Enter the backup number
  9. Select the default method to receive security codes
  10. Click Submit
  11. Enter the security code to verify the number
  12. Click Submit
  13. Click Finish

When MFA is triggered

From time to time, when performing certain actions within the Bill.com account, prompts will surface to select the number and delivery method for the security code.

Choose number and method

Enter the security code and select Trust This Computer to require a security less often.

Enter code

Things to know

  • The number of times Send a new code will trigger a new code is 3, on the 4th attempt we will show some tips about how to ensure receiving the code successfully
    • Log out and bank in to reset the MFA process
  • To perform the security check less frequently, select the box to "trust" this computer
    • Do not select the "trust this computer" box when working on someone else's computer or logging in from a public location (like a library computer)
  • For devices that have been marked as a trusted, the following conditions can still trigger MFA:
    • Switching to a different browser
    • Disabling browser cookies, using a cookie management extension or clearing browser data
    • Changing the browser supported language, ie: adding a new language
    • Upgrading to a different version of the browser
  • Approver users do not need to set up MFA