Sorry! The page this link goes to is still under construction.

Help Section - Account Registration and Access

Last updated 1st August 2022

Registrant Information: Security Requirements for the Energy Rating Product Registration System

The following information details the updated security requirements for the Energy Rating Product Registration System (the Registration System).

This information applies to all users of the Registration System.


In September 2021, the GEMS Regulator changed how users access the Registration System.

These changes included:

  1. Replacing passwords with passphrases and a new passphrase policy
  2. Requiring users to change their passphrase every 90 days
  3. Locking accounts temporarily where users have failed to log in five times in a row
  4. Temporary account deactivation for accounts that have not been accessed in over 30 days.

These changes are part of the Australian Government's ongoing focus on uplifting cyber security across all government systems. They are designed to protect you, your data and the system itself from malicious cyber activity.

Detailed information about these requirements can be found here.

Keeping Your Data and the Registration System Secure

Keeping the Registration System secure is everyone's responsibility.

There are several ways you can help keep the Registration System secure:

  1. Use your own individual user account. Do not share your login details.
  2. Allowing someone else to use your login details increases the risk that your account will be compromised, especially if they are used on another website that falls victim to a cyber-attack.

    Keep your login details to yourself. Do not share them with anyone else, including colleagues or supervisors. The Energy Rating Team will never ask you for your passphrase.

    Your individual user account is different to the Applicant ID account. The Applicant ID account is used by the company that registers products. To access the Applicant ID account, you need to be given access by the Applicant's Authorising Officer.

  3. Do not use shared accounts.
  4. Shared accounts increase the risk of unauthorised users being able to access accounts. Ensuring every person who needs access to the system has their own individual user account means you can be sure that only the people who needs access to your company's information have it.

    The Energy Rating Team may suspend or terminate your account access if it has been determined that multiple people are using the same account.

  5. Use a password manager.
  6. If you need to store your login details, use a password manager. Do not write them down or store them in unsecure locations.

  7. Change your passphrase regularly.
  8. Change your passphrase regularly and do not use it on another website or system. You will not be allowed to use the same passphrase more than once. The system will prompt you to change your passphrase every 90 days if you do not change it before then.

  9. Provide access only to those with a need to know.
  10. Give access to your company's Applicant ID account only to those who have a genuine need to access the information, and whom you authorise to do so.

  11. Report suspicious activity.
  12. Alert the Energy Rating Team if you notice any odd or unusual activity.

  13. Log out of the system when you are done.
  14. Log out of the Registration System and exit your browser when you are finished, especially on a shared computer. This will clear your login session.

Help and Information

Refer to the Help section of the Registration System for further details and step-by-step instructions on these changes:

You can also refer to the Australian Cyber Security Centre for tips and advice on managing your personal cyber security.

If you have questions, please contact us.