Turning off MFA for SDG&E

What is multifactor authentication (MFA)?

Multifactor authentication is a form of enhanced security that requires you to prove your identity in more than one way when logging into a website. Your user name and password provide the first proof of your identity (or factor). The second factor can take many forms, such as a security question, PIN code, etc.

MFA is also sometimes referred to as two-factor authentication or 2-step verification.

What is changing at SDG&E?

SDG&E is adding multifactor authentication to its website and mobile app. Starting in February 2022, eligible customers will be enrolled automatically.

SDG&E’s MFA requires customers to have a mobile number on record. After entering a user name and password, customers will receive a login code via text message.

Isn’t MFA a good thing?

It can be. MFA is strongly recommended for sensitive accounts such as email or financial services. However, SDG&E’s implementation of MFA suffers from several flaws that are likely to cause headaches for commercial customers.

SDG&E’s website only allows a single email address to be associated with an account. This limitation has several downstream consequences:

  • Corporate customers often share an SDG&E login between multiple employees. For example, your accounting department and property managers might both need access to the website. Turning on MFA means that only one person will be able to log into the website.
  • MFA ties website access to the mobile phone of an employee who may eventually leave the company. Commercial customers usually control employee email accounts, but they don’t always control employee mobile phone numbers.
  • MFA will cut off data access for Gridium and any other third parties who rely on the SDG&E website for timely energy data.

Unfortunately, there is no good technical workaround for these issues. Until SDG&E improves its MFA implementation, the costs outweigh the benefits for commercial customers.

How can SDG&E MFA be turned off?

Turning off MFA is easy:

1. Log into the SDG&E website.

2. Click on your account name in the upper right corner and then click “My Profile.”

3. Make sure that the toggle under “Enable 2-Step Verification” is off (switched to the left).

4. Optionally, edit your phone numbers to remove any entry in the Mobile Phone field. If you want SDG&E to have a contact number, enter it in the Work Phone field instead.

0 replies on “Turning off MFA for SDG&E”

You may also be interested in...

PG&E data sharing

PG&E has implemented new data sharing features that allow you to securely grant access to Gridium. Follow these steps to ensure uninterrupted access to your energy use and cost data. The sharing features allow Gridium to aggregate your energy data…

Read More
Understanding your building email report

Snapmeter delivers powerful energy analytics right to your building operations team online, on mobile, and with custom reporting.

Read More
PG&E security update: details and instructions

Starting on May 12, 2025, PG&E is requiring all customers to update their login information to meet more stringent security requirements. You need to take steps to ensure continued access to your PG&E account for yourself and for providers like…

Read More