Multi-factor authentication (MFA) adds a second layer of security to your Biller Genie sign-in. The primary method is an authenticator app (Google Authenticator, Microsoft Authenticator, Authy, etc.) using a time-based one-time password, or TOTP. If you have not set up the authenticator app or you lose access to it, Biller Genie can fall back to an email-based secure link. This guide walks through setting up your authenticator, what happens if you lose your device, and the recovery codes that keep you from being locked out.
Why multi-factor authentication matters
Your Biller Genie account holds sensitive invoice records, your customers' stored payment methods, and the reports you use to reconcile against your bank. If someone got your password, they could see all of it. MFA blocks that path by requiring a second proof — a code from a device you physically hold — before letting you in.
Biller Genie processes payment-card data and follows the same security standards required of every business that handles card payments (PCI DSS). Multi-factor authentication on any account that can view or move money is one of those standards. Turning MFA on for every user on your account is the simplest thing you can do to keep your business and your customers protected.
The two ways Biller Genie verifies you
- Authenticator app (recommended): a 6-digit code generated by an app on your phone (Google Authenticator, Microsoft Authenticator, Authy, 1Password, etc.). The code refreshes every 30 seconds. This is the primary method and the one PCI guidance considers the strongest.
- Email secure link (fallback): if you have not yet set up an authenticator, or you are temporarily locked out of it, Biller Genie can send a one-time secure link to the email on your user profile. You click the link instead of entering a code. This is the fallback path, not the everyday path.
Set up the authenticator, then save the recovery codes
An authenticator app plus your recovery codes is the strongest setup. The email fallback is meant for one-off recovery, not daily sign-ins.
How to set up the authenticator app
- Sign in to Biller Genie.
- Click your name in the top-right corner and open Profile (Account Settings → User Profile).
- Find the Set Up Two-Factor Authentication button on the profile details page.
- Step 1 — Scan the QR code. Open your authenticator app (Google Authenticator, Microsoft Authenticator, Authy, 1Password, etc.) and use its "add account" or "scan QR code" function. Point it at the QR code on the Biller Genie setup page. If you cannot scan, the page also shows a manual setup key you can type in.
- Step 2 — Enter a 6-digit verification code. The authenticator app will start displaying a code that refreshes every 30 seconds. Type the current code into the Biller Genie page and submit.
- Step 3 — Save your recovery codes. Biller Genie will display 10 single-use recovery codes (formatted XXXXX-XXXXX). Copy them or download them as a text file and store them somewhere safe. You only see these once.
- Confirm setup. From your next sign-in onward, Biller Genie will ask for your authenticator-app code after you enter your password.
Save your recovery codes BEFORE you close the setup page
Recovery codes are the only built-in way to get back in if you lose your phone or reinstall your authenticator app. Treat them like a backup key. See Recovery Codes for Multi-Factor Authentication for storage best practices and how to regenerate them if needed.
Signing in once MFA is on
After you enter your password, Biller Genie will show a 6-digit code prompt. Open your authenticator app, find the Biller Genie entry, and type in the current code. You will be signed in for the rest of the session.
Each new sign-in triggers a fresh code prompt. There is no "remember this browser for 30 days" option, by design — a stolen device should not be able to skip MFA on a future login.
What to do if your authenticator app is unavailable
A few common scenarios and the path forward in each:
You still have your phone, the code just is not working
Authenticator codes are time-based, so an out-of-sync clock will break them. On your phone, make sure the date and time are set to automatic (network time). Then wait for the next 30-second tick and try the freshly displayed code.
You lost or replaced your phone
Use one of the 10 recovery codes you saved at setup. From the code prompt at sign-in, switch to the "use a recovery code instead" option, enter one of the codes, and you will be signed in. Each recovery code only works once. As soon as you are in, set up the authenticator on your new device from your profile and regenerate the recovery codes.
You do not have your recovery codes either
If you have no authenticator and no recovery codes, you cannot sign yourself back in — this is intentional, since otherwise MFA would not be protecting anything. Email support@billergenie.com from a business email address. Support will verify your identity (business information, recent invoice numbers, or a phone call with the primary account owner) before resetting MFA on your account. Plan on this taking up to a business day.
When Biller Genie uses the email fallback
If MFA is enabled on your user but you have not set up an authenticator app — or your admin reset your authenticator — Biller Genie sends a secure sign-in link to the email on your profile instead of asking for a code.
- From: a Biller Genie sender address.
- Subject: mentions a secure link or verification.
- Validity: the link is valid for about 10 minutes.
- Delivery time: usually under a minute. Slower email providers (Outlook in particular) can take 2 to 5 minutes.
What to do if the secure-link email does not arrive
Work through these checks in order. They cover the most common reasons merchants reach out about login issues.
- Wait two or three minutes. Some email providers batch incoming mail and hold deliveries for several minutes.
- Check the spam, junk, or promotions folder. Messages from automated senders sometimes land outside the main inbox.
- Confirm the email on file is correct. Click Resend from the sign-in screen. The link is sent to the address on your user profile, not necessarily the email you originally signed up with. If you see a typo, an admin on your account will need to update it (or contact support).
- Check that your email provider is not blocking Biller Genie senders. Make sure your allowlisting rules include the Biller Genie sending domain. See Allowlisting Biller Genie IPs by Email Provider for the specific records to add.
- Try again after 10 minutes. An old link expires; a fresh one will be sent. Refresh the sign-in page and request another.
Still no email after all the checks above?
Email support@billergenie.com from a business address. Support can confirm the email is being sent on our side and, if needed, send a manual verification link as a fallback.
Why we log you out after 25 minutes
Biller Genie signs you out automatically after about 25 minutes of inactivity. This is set at the platform level and applies to every account — it cannot be extended for an individual user.
The inactivity timer resets every time you click, type, or navigate inside Biller Genie. So if you are actively using the application, you will not be logged out. The timeout only fires when there has been no input on the page for 25 minutes.
This works alongside MFA: MFA controls how a session starts, the inactivity timeout controls how a session ends. Together they keep idle sessions from being misused on shared or unattended devices. For more, see Why Biller Genie Logs You Out (Session Security).
Frequently asked questions
Which authenticator apps does Biller Genie support?
Any standard TOTP authenticator works: Google Authenticator, Microsoft Authenticator, Authy, 1Password, Bitwarden, Duo, and most password managers that include a TOTP feature. Biller Genie does not require a specific app — pick whichever you already use or trust.
Can I use the email secure link instead of the authenticator app every time?
Email is positioned as the fallback, not the daily path. Setting up the authenticator gives you a faster, more secure everyday login. If your day-to-day flow is more comfortable with email, that does work today, but the authenticator path is what we recommend and what PCI guidance favors.
Can I turn MFA off for myself?
Technically yes, but we strongly recommend leaving it on. Insurance, payments-industry compliance reviews, and your own customers all rely on you protecting access to the system that holds their payment data. If MFA is causing a workflow problem, contact support — there is often a setting on your side (email allowlisting, profile email update, or a re-enrollment) that solves it without disabling the protection.
Can an admin require MFA for every user on my account?
Account-wide enforcement is on the roadmap. Today each user enables MFA from their own profile. The cleanest workaround is to require it as part of your onboarding checklist when you add a new user.
What if I lose my recovery codes too?
Contact support@billergenie.com from a business email address. Support can reset MFA on your account after verifying your identity. To avoid this in the future, see Recovery Codes for Multi-Factor Authentication for storage best practices.
Can I regenerate my recovery codes?
Yes. Open your profile, find the MFA section, and use the "Regenerate Recovery Codes" option. The new set replaces the old set — any unused codes from the previous set stop working. Always store the new ones immediately. Full details in Recovery Codes for Multi-Factor Authentication.
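Added example, not Biller Genie's code: a sketch of how a service can implement the recovery-code behaviour described in the setup steps and in the answer above (10 codes in XXXXX-XXXXX form, each usable once, with regeneration replacing the whole set). The alphabet, the SHA-256 storage of codes, and the `RecoveryCodes` class are assumptions made for illustration.

```python
import hashlib
import secrets

# Assumed alphabet: upper-case letters and digits without look-alikes (0/O, 1/I).
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"


def new_code() -> str:
    """One random code in the XXXXX-XXXXX shape shown at setup."""
    raw = "".join(secrets.choice(ALPHABET) for _ in range(10))
    return f"{raw[:5]}-{raw[5:]}"


def _digest(code: str) -> str:
    """Normalise what the user typed, then hash it for storage and lookup."""
    normalized = code.replace("-", "").replace(" ", "").upper()
    return hashlib.sha256(normalized.encode()).hexdigest()


class RecoveryCodes:
    """Server-side record for one user: only hashes of unused codes are kept."""

    def __init__(self) -> None:
        self._unused: set[str] = set()

    def regenerate(self, count: int = 10) -> list[str]:
        """Issue a fresh set; every code from the previous set stops working."""
        codes = [new_code() for _ in range(count)]
        self._unused = {_digest(c) for c in codes}
        return codes  # shown to the user once, never stored in the clear

    def redeem(self, code: str) -> bool:
        """True once per valid code; the code is consumed on success."""
        d = _digest(code)
        if d in self._unused:
            self._unused.remove(d)
            return True
        return False


if __name__ == "__main__":
    store = RecoveryCodes()
    first_set = store.regenerate()
    print(store.redeem(first_set[0]), store.redeem(first_set[0]))  # used once, then rejected
    store.regenerate()
    print(store.redeem(first_set[1]))  # old set no longer valid
```

Because the stored values are hashes, the plaintext codes exist only on the setup page and wherever the user saved them, which is why they cannot be shown again later.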
Related articles
- Recovery Codes for Multi-Factor Authentication — generating, storing, and regenerating your backup codes.
- Why Biller Genie Logs You Out (Session Security) — the 25-minute inactivity timeout explained.
- Changing Your Biller Genie Password — self-serve password reset.
- Completing Your Annual PCI Compliance — the broader payments-industry security context.
- Editing Your Company Address, Phone, and Display Name — for updating profile information on your account.