Opower for PECO... BEWARE of this "upgrade"

(July 29, 2025)
I Just received this e-mail from PECO:

Your online PECO account (MyAccount) is a powerful tool that gives you 24/7 access to check your balance, make payments, sign up for alerts, and more. To help safeguard your account, we are adding an additional layer of security. In the coming weeks, Multi-Factor Authentication (MFA) will be enabled, which is a security feature that requires you to verify your identity in more than one way when logging into your account.

With MFA, when you log into your MyAccount profile on the web you will be required to enter a code in addition to your email and password. The code will be sent to the email or mobile phone number associated with your MyAccount. If you don’t have a phone number on your account, you will be given the option to add one to help expedite login.

If you’ve already set up MFA, please disregard this message.

I suspect that this “upgrade” will block Opower… see: Opower - Home Assistant

Exelon subsidiaries

When using Opower with any of the Exelon subsidiaries, such as BGE, ComEd, PECO, Pepco, etc., you need to actively disable two-factor authentication. Before proceeding, make sure you understand the security implications of disabling 2FA. Log onto the website, select Don’t use 2FA and Don’t ask me again. If you have already enabled 2FA, you most likely cannot disable it, which unfortunately means you cannot use this integration.

image798×171 16.6 KB

I hope, but am not optimistic, that you’ll be able to turn it off when they force it on.

PECO is frustrating… their electric meters are smart meters with Zigbee functionality that cannot be used, even though it was a selling point to the state for originally moving to these meters. I thought the gas meter might be RF around 920MHz, but haven’t been able to identify anything. It might be encrypted.

This part: Note: Once you’ve enabled MFA, you can’t turn it off.
… makes me abandon all hope. I have no plan to enable MFA (unless they prevent account access without MFA in the future)

Bridgekeeper: Stop. Who would cross the Bridge of Death must answer me these questions three, ere the other side he see.

I read their email as “we’re turning it on for you whether you want it or not.”

It’s official (as of August 7, 2025) PECO now requires MFA as part of the log in process, they no longer support simple Userid/password logins. This integration is now inoperative for PECO customers.

Thanks for all the fish.

image1185×821 40.6 KB

image783×132 5.2 KB

image952×313 21.2 KB

submit a feature request on GitHub for Opower MFA. Plenty of integrations have MFA support.

That is the way… as it turns out, many have.

with more here: is:issue state:open opower GitHub · Where software is built

MFA has been added to the Opower PECO integration with 2025.9.4.

Edit: Eh, I guess there is an issue with restarting, the MFA token becoming invalid, and not being able to get a new one without deleting and reinstalling the integration. Probably better to keep this disabled (or uninstalled) for now.

Opower for PECO was my motivation for moving to 2025.9.4, but as you said the token does not “renew”.

I get this message: (I re-enabled just to get this message )

Failed setup, will retry: HTTP Error: 401 URL: https://peco.opower.com/ei/edge/apis/multi-account-v1/cws/peco/customers?offset=0&batchSize=100&addressFilter=? Status: 401 Response: {"error":"invalid token","error_description":"JWT expired at 2025-09-23T14:16:23Z. Current time: 2025-09-26T19:36:09Z, a difference of 278385035 milliseconds. Allowed clock skew: 1000 milliseconds."}

See: Opower integration with PECO Exelon broke with PECO MFA · Issue #150289 · home-assistant/core · GitHub