Two-Factor Authentication
Accordion Section
Two-Factor Authentication (TFA) is a global security standard that adds an extra layer of protection to your account. It requires you to verify your identity using two steps—something you know (like your password) and something you have (like a code sent to your phone or email). This helps safeguard your personal information and prevents unauthorized access.
Starting May 21, customers with a Sobeys account can add their phone number as an additional way to verify their identity when logging in. Once you select your authentication method, you’ll receive a time-sensitive 6-digit code via SMS text or voice call, along with email. You'll be prompted to enter this code like a numeric key to confirm your identity and complete your login. Your phone number is stored securely and used only for authentication purposes. Adding your phone number helps keep your account safe.
We’re giving you more flexibility to choose how you secure your account. You now have the option to authenticate your login using SMS text, voice call, or email. Updating your preferences allows you to select the method that works best for you while keeping your account protected.
You may be asked to complete Two-Factor Authentication (TFA) when logging into your account on our websites or mobile apps to help keep your account secure. TFA may be triggered during registration and at certain login attempts, depending on factors like your location or the device you’re using. This extra step helps ensure that only you can access your account, even if someone else knows your password.
You can update your TFA contact details and preferences at any time by going to the security settings in your account profile. There, you can add or change your phone number and select whether you want to receive your authentication code by SMS text, voice call, or email. If you haven’t provided or verified a phone number, you’ll be reminded every 6 months to add a valid number so you can enable SMS text or voice call as your preferred method.
Your TFA code is usually sent instantly and should arrive within a minute. If you don’t receive it, you can choose to resend the code directly in the app or online.
You may be prompted to re-authenticate depending on several factors.
SMS text messages and voice calls will display the name of the store that you are trying to access. This means you’ll see a familiar name in the text message sender or caller ID, so you can trust that the code was sent from us.
You have three attempts to enter your TFA code correctly. After three unsuccessful attempts, your account will be temporarily locked, and you won’t be able to access it. If this happens, follow the prompts on the login page or contact Customer Care for help unlocking your account.
Your phone number will only be used for the purpose of authenticating your account with TFA.
No, Two-Factor Authentication (TFA) is required to keep your account secure. However, you can choose how you want to authenticate. You can receive your code by SMS text, voice call, or continue using your email to verify your login.
Yes.
No, your TFA authentication phone number is used only for security purposes and will not affect your contact, marketing, offers or delivery preferences. These remain separate and you can continue to manage them in your account settings.
Your TFA contact information (such as your phone number) is used only to send secure authentication codes when you log in. It is stored securely, processed in accordance with privacy regulations, and is not used for marketing or shared without your consent.
If you delete or cancel your account, your TFA contact information will be securely removed from our system in accordance with our data retention and privacy policies. We do not retain your TFA details once your account has been fully deleted.