Security Enhancements
Security enhancements for your Billiyo account.
Table of Contents
- Video
- Settings
- Super User Experience
- Non-Super User Experience
- Unlocking a User Account After Multiple Failed Login Attempts
- FAQs
Video
Settings
Super users can enable or disable 2FA at any time. To do so, click here to be taken to the Company Settings page or in the left menu navigate to:

In the Company Settings page, click on the Configurations tab.
Then, click on the pencil icon
to edit. On the screen that appears, toggle 2FA on (yes) or off (no). 
After making changes, click on the
button to save.
Super User Experience
During the first account login, a super user will be prompted to update their password. 
Note: When a password is changed, an email is sent to the email address tied to the user account for notification. Below is an example of what this email may look like.

Upon password reset, a prompt about enabling multi-factor/2-factor (2FA) authentication for your agency will appear.
2FA is a security system that requires 2 separate, distinct forms of identification to log in. The first is a password, the second is a code sent via email/text.

- Click on the
button to enable 2FA. - Click on
button to move forward without using 2FA
When 2FA is enabled, an authorization code will be sent to the user's email and/or phone number. After the code is input in prompt field, click on the
to log in. 

Note: Please make sure to check junk/spam email folders for the authorization code or password change email if needed.
Non-Super User Experience
When logging in via a computer, a password update prompt may appear.
Note: This prompt will not appear in Billiyo mobile apps currently.
- The user will be prompted to sign in again.
- A notification email that the password has change is sent to the email address on file with the user account. Below is an example of what this email may look like.

If 2FA has been enabled, the following prompt will appear — and a code will be sent to the email address and/or phone number tied to the user account.
Note: Please make sure to check junk/spam email folders for the authorization code email if needed.


Once the code has been input in to the field, click on the
button to finish logging in.
Non-super users can manage their individual password, 2FA and notification settings by clicking on their username in the top left corner of the screen.

Unlocking a User Account After Multiple Failed Login Attempts
When a sign in attempt is not successful, the following screen will appear.

If incorrect login information is input, an email notification will be sent if failed login email notification setting was checked.
After 5 failed sign in attempts, a user account will become locked — both the user and super users should receive notification at this point.
Note: When a user account is locked, the password cannot be reset using the "Forgot your password?" option on the sign in page.
Super users can unlock a user account within the View User Account page. To access this page, click here or in the left menu navigate to: 
Locate the user and click on the
sign to the left of the employee's name. Then, under the expanded options, click on the
button to unlock the account.

FAQs
What if I'm not seeing an authorization code?
If you are not seeing the authorization code email in your inbox, make sure to check any junk/spam folders in case it was filtered there.
What do I do if it's not accepting my authorization code?
When inputting the authorization code, we do recommend typing it out manually as copying could add extra spaces that would prevent a successful log in.
What do I do if I can't log in after updating my password?
After updating your password, if you're having trouble logging in make sure to click on the eye icon
to the right of the password field to review what password appears. Keep in mind that some browsers may auto-fill information. If the new password was not saved in the browser after updating, it may auto-fill a previous password which would prevent a successful log in.
What if I'm seeing a message that says I don't have access when I log in?
Caregivers are only able to log in via the Billiyo for Caregiver App. So, if your user role is caregiver and you try logging in via computer you will see a message that states you do not have access to this page.
Can I make it so I don't have to input an authorization code every time?
There will be an option for Trust this computer that can be clicked on the authorization screen. If your settings are configured to Once per computer: We will only ask for a verification code once every 30 days on trusted devices, you will only be asked to input in an authorization code on that device every 30 days.

