Multi-factor authentication (MFA)/2-step verification

Multi-factor authentication (MFA)/2-step verification is a security process that requires more than one method of authentication from independent credentials to verify your identity.

Multi-Factor Authentication adds an additional layer of security to your Bill.com account by requiring not only a username and password to log in, but also an additional code sent to your phone. This makes it extremely difficult to break into a Bill.com account.

Jump to:


Set up MFA/2-step verification

When you create a Bill.com account, we request a phone number to use for MFA/2-step verification.

  1. Enter a mobile or landline phone number to receive security codes
  2. Select whether to send security code by text or phone call
  3. Select Send code
  4. Enter the security code you receive
  5. Select Trust this device for 30 days to require a security code less often
  6. Select Submit

Set up a backup phone number

We highly suggest having a backup method for MFA/2-step verification in case you no longer have access to your primary phone number.

  1. Select Settings
  2. Select Security under You
  3. Select Enter your backup phone
    • To edit the backup phone number, select Change Backup 2-Step Verification
  4. Select Next to send a security code on your primary phone number and authorize the change
  5. Enter the security code you receive
  6. Select Trust This Device to require a security code less often and select Submit
  7. Enter your backup phone number
  8. Select whether to send security code by text or phone call and select Submit to receive a code on the backup phone number to confirm the change
  9. Enter the security code you receive and select Submit
  10. Select Finish

Note: If you are planning on traveling internationally, add a backup phone number before you leave the United States. MFA/2-step verification may not be available outside the United States if your device won't receive calls or text messages while out of the country.


Other ways to receive codes

If you don't have a mobile phone or landline to receive MFA/2-step verification codes, you can use these alternatives:

We can't send codes by email, it must be a phone number.


When MFA/2-step verification is triggered

You will be prompted with a text or a voice message to enter a code upon logging in to Bill.com.

Checking the "Trust this computer" box when you enter a code will reduce the need of a code to every 30 days.

Note: Even on devices that you have marked as trusted, these other actions also prompt MFA/2-step verification codes:

  • Changing your password
  • Changing your phone number(s)
  • Switching to a different browser
  • Changes to your browser, such as:
    • Disabling browser cookies, using a cookie management extension or clearing browser data
    • Changing the browser supported language, i.e.: adding a new language
    • Upgrading to a different version of the browser

Change your MFA/2-step verification phone numbers

You can change your primary or backup phone number for MFA/2-step verification in your Bill.com account. You will need access to the current phone number in order to receive a code to authorize the change.

If you no longer have access to your primary or backup phone numbers, contact Support.


Each user must follow the steps below to change their own phone numbers. You cannot change the phone number for another user.

Changing your primary or backup phone number:

  1. Select Settings
  2. Select Security under the You section
  3. Select Change Primary 2-Step Verification or Change Backup 2-Step Verification
  4. Select Yes to confirm that you wish to delete and add a new MFA method (phone number)
  5. Select phone number from dropdown to receive code to authorize the change
    • If you don’t see your phone number, select Contact Us at the top of this page for assistance
  6. Select whether to send security code by text or phone call
  7. Select Send code
  8. Enter the security code you receive
    • If you need to resend a code, select Send a new code
  9. Select Submit
  10. Enter the new phone number
  11. Select whether to send security code by text or phone call
  12. Select Send code
  13. Enter the security code you receive
    • If you need to resend a code, select re-send code
  14. Select Submit to save your new primary or backup phone number for MFA

Troubleshooting MFA/2-step verification

Codes are not being received

  • Always use a direct line, codes cannot be routed through an extension
  • You may need to restart your device
  • If your phone is unable to receive codes, please try using the alternate options
  • If you received the error message "We can no longer send a code - You‘ve reached the maximum attempts for sending a code to one of your devices," the code has been sent three (3) times, which is the maximum per session. Please log out of your account and then log in again to request a new code.
  • If you no longer have access to your primary or backup phone numbers, submit a request to reset your access using the 2-step Verification Access Request form.

What to do if you no longer have access to the phone number

If you can't access your primary or backup phone numbers, or you are not receiving codes after trying these tips, contact Support.


Things to know

  • Please note that we can only send text based security codes to US and Canadian numbers.
  • It is best practice to not share phone numbers or use another person's phone number for MFA/2-step verification
  • Select trust this computer to reduce the number of MFA/2-step verification code prompts
    • Do not select the "trust this computer" box when working on someone else's computer or logging in from a public location (like a library computer)