Security & Authentication
BillManager supports social login (Sign in with Google or Apple) and two-factor authentication (2FA) to keep your account secure.
Social Login
If your administrator has enabled social login, you can sign in using an existing account from a supported provider instead of entering a username and password.
Signing In with a Social Account
- On the login page, click the provider button (e.g., Sign in with Google)
- You'll be redirected to the provider's login page
- Authorize BillManager to access your basic profile information (name and email)
- You'll be signed in automatically
If this is your first time logging in via a social provider and auto-registration is enabled, an account will be created for you automatically using your provider email address.
Linking Social Accounts
Already have a BillManager account? You can link social providers to it for faster login:
- Go to Admin Panel → Security
- Scroll to the Linked Accounts section
- Click Connect next to any available provider
- Complete the provider's authorization flow
- The account is now linked — you can sign in with either method
Unlinking Social Accounts
- Go to Admin Panel → Security → Linked Accounts
- Click Disconnect next to the provider you want to remove
If you don't have a password set (i.e., you signed up via social login only), you must either set a password or keep at least one social account linked. BillManager won't let you remove your only way to sign in.
Two-Factor Authentication (2FA)
Two-factor authentication adds a second verification step after entering your password, making it much harder for someone to access your account even if they know your password.
Available 2FA Methods
| Method | How It Works |
|---|---|
| Email OTP | A 6-digit code is sent to your email address |
| Passkey / WebAuthn | Use a hardware security key, fingerprint, or face recognition |
| Recovery Code | A one-time backup code (for emergencies) |
Enabling Email OTP
- Go to Admin Panel → Security
- Click Enable Email OTP
- A verification code is sent to your email
- Enter the code to confirm setup
- Save your recovery codes — these are your backup if you lose access to your email
Recovery codes are shown only once during setup. Store them somewhere safe (password manager, printed copy in a secure location). Each code can only be used once. If you lose both your email access and recovery codes, you will be locked out of your account.
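For readers curious how a service can provide the two properties described above (codes shown only once, each code usable once), here is an added illustration; it is not BillManager's own code. The number of codes, their format, the SHA-256 digests and the function names are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Assumed parameters for illustration only (not taken from BillManager).
CODE_COUNT = 10
CODE_LENGTH = 10
CODE_ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # no 0/O/1/I look-alikes


def _normalize(code: str) -> str:
    """Accept codes typed with spaces, dashes or lowercase letters."""
    return "".join(ch for ch in code.upper() if ch.isalnum())


def _digest(code: str) -> str:
    """Digest of the normalized code; only this value is persisted."""
    return hashlib.sha256(_normalize(code).encode("utf-8")).hexdigest()


def generate_recovery_codes():
    """Return (plaintext codes to display once, digests to store)."""
    codes = []
    for _ in range(CODE_COUNT):
        raw = "".join(secrets.choice(CODE_ALPHABET) for _ in range(CODE_LENGTH))
        codes.append(f"{raw[:5]}-{raw[5:]}")
    # The server keeps digests only, so the codes cannot be shown again.
    return codes, {_digest(c) for c in codes}


def redeem_recovery_code(stored_digests: set, submitted: str) -> bool:
    """Consume a code: True on its first valid use, False otherwise."""
    candidate = _digest(submitted)
    match = None
    for stored in stored_digests:
        # Constant-time comparison of each stored digest with the candidate.
        if hmac.compare_digest(stored, candidate):
            match = stored
    if match is None:
        return False
    stored_digests.remove(match)  # single use: a replayed code now fails
    return True
```

A real deployment would also limit the number of failed attempts per account.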
Enabling Passkeys
If your administrator has enabled passkey support:
- Go to Admin Panel → Security
- Click Add Passkey
- Follow your browser's prompt to register a security key, fingerprint, or face recognition
- Give it a descriptive name (e.g., "MacBook Touch ID" or "YubiKey")
You can register multiple passkeys for redundancy.
Signing In with 2FA
When 2FA is enabled, after entering your username and password (or signing in via social login), you'll see the verification page:
- Email OTP: Click "Send Code", check your email, enter the 6-digit code
- Passkey: Click "Use Passkey" and follow your browser's prompt
- Recovery Code: Click "Use Recovery Code" and enter one of your saved codes
Disabling 2FA
- Go to Admin Panel → Security
- Click Disable 2FA
- Enter a verification code (sent to your email) to confirm
Security Best Practices
- Enable 2FA on your account, especially if you use the same password elsewhere
- Use passkeys if available — they're phishing-resistant and more convenient than email codes
- Store recovery codes in a password manager or printed in a secure location
- Link multiple social accounts so you always have a backup way to sign in
- Review your linked accounts periodically in Admin Panel → Security and remove any you no longer use