German Emissions Trading Authority

Security

Strict security regulations apply to the Union Registry. Maintaining good user behaviour can make a substantial contribution to the security of the overall system.

Your personal password

You can set your own password when you set up your ECAS login and also change it at any time later. Never share your password with third parties. Attention! Keep your password always secret!

11/07/2017

2-factor access authentication

For access to the Union Registry Authorised Representatives need:

  • Username
  • Password
  • DEHSt activated mobile number for a Union Registry login via EU Login

For a Union Registry login you need your username, password and a string (so-called "challenge"), which is sent to your Union Registry confirmed mobile phone number via SMS by EU Login. Please note that although you can have multiple mobile numbers with EU Login, you can only actually login with the Union Registry confirmed mobile number.

11/07/2017

Secure handling of the 2-factor authentication

Do not use the same device for logging into the Union Registry and for receiving the SMS such as a smartphone. When using two different devices, such as a computer and a mobile phone, EU Login provides better security.

  • In the SMS, EU Login also transmits information about the transaction to be confirmed in the Union Registry such as a transfer of 100 EUAs to account XYZ. Always make sure that the stated purpose in the SMS text exactly matches what you have actually initiated in the Union Registry. If the text does not match, cancel the operation without entering the string transmitted.
  • Do not save your username and password on the mobile phone that you use for EU Login. Otherwise, if lost or stolen, a finder or fraudster would have everything required to log in to the Union Registry and conduct transactions as if it was you.

11/07/2017

Authenticity of the Union Registry website

So you can be sure you are on the Union Registry website, these sites have a special certificate. You can verify the authenticity of the page with this certificate e.g. by clicking on the lock icon in the status bar in Internet Explorer.

The certificate should contain the data exactly as shown in the following image, especially the SHA-256 Fingerprint.

Certificate of the Union Registry's Internet pages

The ECAS pages also have a special certificate. It is shown in the following image. Please compare the SHA-256 Fingerprint as well.

Certificate of the ECAS Internet pages

11/07/2017

URL

When logging in and entering data, always make sure that the address of the Union Registry is shown in the address bar of your browser. The domain of the European Commission will be highlighted (unless this function has been disabled in the browser settings), e.g.

https://ets-registry.webgate.ec.europa.eu/euregistry/DE/index.xhtml

If you are not absolutely sure that you are on the correct website or anything else seems strange (unusual messages, display of blank pages, unusually long loading times and the like), you should immediately terminate the connection and login again.

11/07/2017

Logging out of the protected account area

Always leave the protected area by logging out from within the open browser window. To do this, always click on the "Logout" link in the upper right of the Union Registry.

11/07/2017

Security updates

Regularly and immediately install security updates for your operating system, browser and the applications you use. Using anti-virus software with the most current definitions should be standard practice for your data security.

11/07/2017

Online Services