Emissions Units are a commodity that needs to be protected just like your money when it is in a bank.
Your personal information is also an asset that you need to protect from other people.
The EPA have security and controls in place to help protect your assets and information. However we also require your help as we need you to be vigilant.
Any system or site won’t be secure if users do not protect their computers, usernames and password details or have easy to guess passwords.
Please contact us immediately on our Suspicious Activity Line, 0800 387 4688 to report the following:
you believe that your password has been compromised;
for any security concerns regarding phishing, hoax emails or phone calls relating to the Register.
This is a free call within NZ (overseas callers can use +64 4 918 3502 – note that normal phone charges apply).
For all other enquiries, please call 0800 CLIMATE (0800 254 628) during business hours, this is a free call
within NZ. Overseas callers can use +64 3 962 2708, (normal phone charges apply).
Our business hours and full contact details are available on our Contact us page.
Your RealMe username and password are for your use only.
The EPA will never ask you for your RealMe password. Never tell anyone your password including people at our contact centre, the EPA or any government representatives.
You can view your last login details (date and time) which show when your account in the Register was last used. This will
ensure that you know your account has not been compromised.
Phishing is where people contact you as part of a scam; often by email, phone, or by directing you to a phoney website to obtain financial or
personal identity information.
We will never contact you asking for your password or provide you with a link to another website that asks you to verify your password.
If you receive an email asking for your password, do not respond to the email or click on the link and please contact us immediately on our Suspicious Activity
Line 0800 387 4688 (overseas callers can use +64 4 918 3502) to report the matter. If you believe that someone may have seen you typing in your password
we advise you to change it.
Don’t save your RealMe username and passwords in your internet browser.
Do not use public computers to access the Register.
Choose a quality password which contains strong content. For general guidelines on password content please refer to our “Do’s and Don’ts”
general password guidelines section below.
Supply an email address for Register correspondence that you do not share with other people.
Ensure the use of up to date anti-virus software on your computer and mobile devices such as mobile laptops, tablets such as Apple iPads
(and where available on your mobile phone).
Run regular scans for viruses, use licensed approved software
Use the lock password / passcode required function on your computer or mobile device when not in use.
Be aware of people around you when you are entering your username and password details and make efforts to conceal what you are entering especially in public areas.
Recommendations for those who receive transaction authorisation codes on your mobile phone or if you use your mobile phone to access the internet and your email:
Where possible use a complex code rather than a default 4 digit passcode.
Avoid changing security details such as passwords in public places and avoid leaving mobile devices unattended.
Check for approved manufacturer operating system updates to fix security issues and apply them when available.
Don’t use public Wi-Fi spots that do not require a password when using any secure web services
Do not use mobile devices such as laptops, tablets and phones which have been modified to bypass the manufacturer protection measures.
These manufacturer protections are there to restrict access, limiting what can be installed and modified on the device, such as applications and malicious
software (malware). We advise the use of approved software only.
(For Apple iOS devices bypassing manufacturer protections is known as “jailbreaking” and by other names for androids).
If you receive transaction authorisation code text messages must notify the EPA as soon as possible:
if you change your mobile phone number
if you lose your mobile phone
If you receive notifications and transaction authorisation codes by email you must notify the EPA if you change your email address.
The email address that you must supply when you become a user of the Register:
should be one that you do not share with others
must be a valid email address
must be unique as it can only be associated with one username in the Register.
The EPA have process and system controls in place to help protect the security and integrity of the Register, your assets and personal information.
The EPA strives to provide as much protection as possible by regularly reviewing and updating our security and technology.
No data transmitted over the internet can be guaranteed to be absolutely secure, as there are always new vulnerabilities being identified.
Once the EPA receive your data the EPA takes reasonable steps to protect your information.
The EPA use security certificates (issued by VeriSign) to protect you when you login to use the Register. The displaying of this certificate
assures you that the EPA are a legitimate site and that data between your computer and our site is secure as it can be.
You will notice, when using the Register, that the address in your address bar changes from http to https and you should see a
padlock in the address bar. When you click on the padlock it shows you the certificate information for the Register.
If you ever connect to the Register logon page and you cannot see evidence that it is an https session
(it is not showing our certificate and the padlock) please contact us.
Our full contact details are available on our Contact us page.
The EPA also use additional security measures to process certain transactions to keep your information and units secure.
The Climate Change Response Act 2002 (CCRA) gives the EPA the power for protecting the integrity and security of the Register. The EPA may suspend
part of or the entire operation of the Register to ensure the security or integrity of the Register, or for other reasons specified in section 13 of the Climate Change Response Act 2002.
The following contains general information about passwords. No password is absolutely 100% safe, but you can help make it secure as possible by following the advice below.
Choose quality passwords that contain a combination of at least one character from all three of the following character sets:
uppercase alpha (A-Z)
lowercase alpha characters (a-z)
numeric (0-9) or special characters/punctuation (!@#$%^&*).
Passwords should be memorable, but complex enough so that they are difficult to guess if someone knows details about you: Rather than just using a name or a single dictionary
word, one common method is to make up your password content by using a phrase and including a combination of characters.
It is recommended that passwords be at least 10 characters in length or longer: A longer password that uses a combination of characters helps
secure against attacks and password guessing.
Websites and systems should have checks in place to enforce that you to use a quality password as shown above and restrict you from reusing passwords: You should
use a quality password you have not used before, even if you are not prompted to.
Do not use a word that is in the dictionary as your password for any system: A combination or more random password format is a
lot more secure than common words even with a number.
Do not use repeated, consecutive or adjacent characters such as “999999999”, “12345678”, “abcdefgh” or “qwertyuio”:
These are examples of easy combinations that people will try when guessing passwords.
Do not use the same base password with a number at the end and only change the number e.g. thisone01, thisone02: If someone obtained your base password,
they may be able to guess your current password by guessing what the current number is.
Do not use the same password for multiple sites and services: If someone did guess your password for one system, they would then know
your passwords for any system using that password.
For example: don’t use the same password for your internet banking and your email.
Do not use passwords that include details people may know about you or family such as:
dates of birth
driver licence numbers
Passwords should be memorable, but complex enough so that they are not easily guessable by someone that knows details about you.
Do not use inappropriate password content: There are certain words a lot of sites will prevent you from using in your password content.
Do not write your passwords down and have them next to your computer: If you are one of the people who have to write passwords down,
store it securely away from your computer or mobile device. Do not store a username and password together.
Passwords should also not be saved in your internet browser: Other people could gain access without needing to know the password.
Do not type passwords into a document and save them on your computer or mobile device: Other people could gain access to the contents of the file.
Some of the anti-virus software companies now also supply tools and applications for generating and storing passwords more securely on your computer.
Make sure they are from reputable sites and beware of downloading and using free products from unknown sources.
Logo of Environmental Protection Authority's logo.