This new feature of SDG&E's website will cause more headaches for commercial customers than it will solve.
What is multifactor authentication (MFA)?
Multifactor authentication is a form of enhanced security that requires you to prove your identity in more than one way when logging in to a website. Your user name and password provide the first proof of your identity (the first factor). The second factor can take many forms, such as a security question, PIN code, etc.
MFA is also sometimes referred to as two-factor authentication or 2-step verification.
What is changing at SDG&E?
SDG&E is adding multifactor authentication to its website and mobile app. Starting in February 2022, eligible customers will be enrolled automatically.
SDG&E’s MFA requires customers to have a mobile number on record. After entering a user name and password, customers will receive a login code via text message.
Isn’t MFA a good thing?
It can be. MFA is strongly recommended for sensitive accounts such as email or financial services. However, SDG&E’s implementation of MFA suffers from several flaws that are likely to cause headaches for commercial customers.
SDG&E’s website only allows a single email address to be associated with an account. This limitation has several downstream consequences:
- Corporate customers often share an SDG&E login between multiple employees. For example, your accounting department and property managers might both need access to the website. Because the login code is texted to the one mobile number on record, turning on MFA means that only one person will be able to log in to the website.
- MFA ties website access to the mobile phone of an employee who may eventually leave the company. Commercial customers usually control employee email accounts, but they don’t always control employee mobile phone numbers.
- MFA will cut off data access for Gridium and any other third parties who rely on the SDG&E website for timely energy data.
Unfortunately, there is no good technical workaround for these issues. Until SDG&E improves its MFA implementation, the costs outweigh the benefits for commercial customers.
How can SDG&E MFA be turned off?
Turning off MFA is easy:
1. Log in to the SDG&E website.
2. Click on your account name in the upper right corner and then click “My Profile.”
3. Make sure that the toggle under “Enable 2-Step Verification” is off (switched to the left).
4. Optionally, edit your phone numbers to remove any entry in the Mobile Phone field. If you want SDG&E to have a contact number, enter it in the Work Phone field instead.