Help
General
Without your password, you will not be able to log into My BOP.
When logging in with a certificate file, there is no restriction on incorrect attempts. Your certificate will not be automatically blocked.
If you use a security stick and have registered without ElsterAuthenticator, please note that after three incorrect entries of the password, the certificate is blocked on the stick and therefore unusable. Unlocking is not possible. Please register again. When registering with a security stick and ElsterAuthenticator, a PUK was created with which the PIN can be unlocked.
If you use a signature card, the number of possible password / PIN entry failures depends on your signature card.
If your certificate is suspended, it will not automatically delete your user account in My BOP.
If the password is irretrievably lost, you can regain access to your account using the access renewal.
If you have lost your certificate file, , you can regain access to your account using the access renewal.
Alternatively, you can perform a new registration. It is not possible to transfer the data stored under the old user account to the new user account. Please note that in case of registration with your personal IDNr. only one active user account per ID number. can exist. Before you can perform a new registration, you must first delete the old user account. In the navigation, call up the item "User account service" and there select "Delete user account".
My BOP offer is not chargeable. Users who are interested in the login options Security Stick or Signature Card, however, need a security stick or a supported signature card for authentication plus card readers already at registration, which they must buy in advance or already own. This is associated with costs. When using a certificate file, there are no costs.
Yes. Incidentally, you can also decide which type of security method suits you best by choosing the type of registration.
Technical information on the individual procedures can be found at Data Security / Security technology.
Currently only the submissions made directly through My BOP (in the Forms / Services section) produce a confirmation of receipt in the My BOP inbox.
User accounts
Yes, you can create up to 200 user accounts per BZSt number (which you must provide when registering).
Yes. Only the user names of the user accounts must be different. Please note, however, that the simultaneous use of signature card and security stick on a PC can cause technical problems with the driver software.
You must register for each user account you want to create. Please note that each time you register, you will need to provide a new username for the user account so that you can distinguish your user accounts.
Yes, under "My user account" "Delete user account" allows you to delete a user account that you no longer need. You will need to enter the user name of your account and your Email address and then simply click on "Next". If you no longer know the username, you can have the information sent to you on all user accounts registered under an Email address. If an unauthorized person wanted to block one of your accesses, they would need to know your Email address and the answer to your personal security question. Therefore, you should remember the answer to the "security question" and not give it to anyone.
If the answer to the security question has been entered 3 times incorrectly, you can try the account deletion the next day (from 00:00:01 o'clock). You then have again 3 attempts.
If you have found a misuse in connection with your user account in My BOP and cannot remember your security question answer for deleting the user account, you can arrange for a deletion of your user account stating the tax number and username through the tax office responsible. Deletion by the ELSTER hotline is not possible.
Yes, with "My user account", "Delete user account", you can also delete a user account that has not yet completed the registration. Please note, however, that for technical reasons the letter with the activation code will be sent to you. This does not affect the deletion of the user account. You can then destroy the letter with the activation code.
No. This function is intended for a later date. At this time, all data (for example, inbox messages, drafts, and created profiles) will be deleted. They cannot be restored.
If the answer to the security question has been entered 3 times incorrectly, you can try the account deletion the next day (from 00:00:01 o'clock). You then have another 3 attempts.
If you have detected an abuse related to your user account in My BOP and cannot remember your security prompt for deleting the user account, you can arrange for a deletion of your user account stating the tax number and user name at the tax office responsible. Deletion by the ELSTER hotline is not possible.
ElsterAuthenticator
The ElsterAuthenticator is a program that allows the use of My BOP with a security stick and signature card without Java browser plugin.
After installing and configuring the ElsterAuthenticator, My BOP users will be able to use all supported browsers along with their security stick or signature card. During use, the ElsterAuthenticator must be running in the background. Then, if a step is taken in My BOP that requires access to the security stick or signature card, the ElsterAuthenticator will come to the fore and request password entry to perform the action (for example, opening a message in the inbox or sending a form).
The ElsterAuthenticator can only be used with safety sticks and signature cards. The supported operating systems are Windows, MacOS and Linux. For detailed information about the supported configurations, see www.sicherheitsstick.de.
Certificate files are still supported directly in the browser based on JavaScript, the use of the ElsterAuthenticator is not required here.
When registering with a security stick with the ElsterAuthenticator, you will be prompted to remember the newly created PUK (Personal Unblocking Key). Alternatively, the PUK can also be saved. With the PUK, it is possible to unlock the password of the security stick "G&D StarSign Crypto USB Token (S)" if it was entered incorrectly too often.
If a registration was made without using the ElsterAuthenticator, there is no PUK. Unlocking the "G&D StarSign USB Token" is not possible because there is no token administration tool available for this security stick. Unlocking the "G&D StarSign Crypto USB Token (S)" is possible via the token administration tool or the ElsterAuthenticator.
If the password has been entered incorrectly too many times, then your security stick gets blocked and you will receive a corresponding error message. To unlock the "G&D StarSign Crypto USB Token (S)" using the PUK, navigate through the Change Password menu. There you will find a link "Forgot password / Stick locked?" If you follow this link, you can enter your PUK, assign a new password and thus unlock your security stick.
In the event that the ElsterAuthenticator stops immediately after starting with the error message "Port occupied", check whether another ElsterAuthenticator has already been started.
If this is not the case, then the cause is that another application on your system is occupying port 2848. Please try to determine the application in question and close it while using the ElsterAuthenticator.
To be able to perform various actions in My BOP with the ElsterAuthenticator (for example, sending forms), the ElsterAuthenticator must be able to connect to My BOP.
If the connection cannot be established, then one possible cause is that your system environment cannot connect directly to the Internet, but only through an HTTP proxy. In this case, go to the ElsterAuthenticator configuration, section "Proxy" and enter the proxy URL required in your system.
At times, firewall settings restrict the access of the ElsterAuthenticator to My BOP. If this is the case, access to the host www.elster.de, Port 443, Protocol TCP must be enabled.
Use the connection test in the proxy configuration of the ElsterAuthenticator to verify that a connection can be established.
Your password must not be too short or contain any unauthorized characters. It must be exactly 6 characters long and only the following characters are permitted:
Letters (without umlauts and ß), digits and the special characters !"#$%&'()*+,-./:;<=>?@[]^_`{|}~ and the space character.
Security sticks
The security stick is a special USB stick for secure identification in My BOP. It has a cryptographic chip that can securely store the digital identity of a taxpayer and perform the cryptographic operations for authentication and electronic signature.
To use the security stick, you must install additional software, which you can download at www.sicherheitsstick.de,
The security stick is not visible as a drive in your computer.
No, at the moment you can only buy the security sticks in this shop.
The security stick supports 64-bit operating systems. For more information about the supported drivers for 64-bit operating systems, see www.sicherheitsstick.de.
You will find further frequently asked questions about the security sticks at https://www.sicherheitsstick.de/FAQs.html.
Signature cards
A maximum of one user account in My BOP can be used with a signature card. However, your signature card already has an active user account for BOP; a login to your previous user account is possible. To register for a new user account with your signature card, you would first have to delete the existing user account.
No. Privacy and data security for the citizen have the highest priority for fiscal authorities. That's why protecting your data is very important to us. To ensure that only you have access to your tasks and mailbox messages, they are stored in encrypted form. If you are not prompted to enter your PIN when opening mailbox messages or stored tasks, then the driver of your signature card is likely to have stored your PIN entered during login to decrypt the data (so-called PIN caching). In this case, further entries are not necessary.
The signature cards of the publishers "VR-Bank" and "DRV Rheinland" will be only partially supported from June 2016. A log in from registered users of these cards is still possible. However, a new registration with these cards or a certificate change to these cards will no longer be possible from June 2016.
ElsterSecure
ElsterSecure – the secure, mobile login
With My ELSTER, citizens and companies can submit their tax returns easily via their browser. To do this, the user must log in using a secure login. ElsterSecure allows you to log in to My ELSTER easily and securely without having to rely on a certificate file.
Using ElsterSecure, you can log in to your My ELSTER account at any time, using your PC or the device on which ElsterSecure is installed. You will need:
- A mobile device with a camera (smartphone or tablet) with the ElsterSecure app installed.
- A user account with My ELSTER that can be linked to the app on your device.
To set up ElsterSecure, you must have the app installed on your mobile device. The device must have a camera to scan QR codes.
Links to app stores:
Set up ElsterSecure as additional login option for an existing user account
First, log into My ELSTER on your computer as usual. You will usually need your certificate file to do so. After logging in, go to "My user account". There, click on the button "Add a ElsterSecure login option". Follow the instructions.
Create new My ELSTER user account using ElsterSecure
If you do not yet have a user account for My ELSTER, you can register using ElsterSecure. Go to "Create user account" and select the "ElsterSecure" login option under "How do you want to log in to My ELSTER". After receiving your activation ID by e-mail and your activation code by post, you can complete your registration using ElsterSecure. This process allows us to ensure that no unauthorized parties can access your confidential tax data.
Note: We recommend setting up a certificate file as an additional login option for your account in case you lose your mobile device. This means that you can still access your account even without your mobile device. After successfully registering in My ELSTER, set up a certificate under "My user account > Additional login options". Without additional login options, if you lose your device you can use the "Lost your smartphone?" function on the login page. You will receive a new activation letter by post so that you can access your ELSTER account again.
ElsterSecure provides a secure and simple way of logging into My ELSTER. Please note that the use of the ElsterSecure app is currently only possible with My ELSTER and not with tax software from third-party manufacturers.
After registration, you can add another login option to your user profile (e.g. a certificate file). This will then enable a transmission of forms using tax software from third-party manufacturers.
Yes, you can also add access keys for multiple user accounts to My ELSTER in ElsterSecure. The ElsterSecure app then offers you all available access keys to choose from when you log in.
Yes, you can use ElsterSecure on up to 3 devices for the same user account. To do this, you must link each device individually. After logging in, go to the "My user account" > "ElsterSecure" page. There, click on the "Add ElsterSecure login option" button. Then follow the instructions.
Note: If you have already added 3 devices, the "Add ElsterSecure login option" button will only be available again once you have removed one of the existing access keys from your user account.
To fully remove it from ElsterSecure, you must remove the access key in the app and in your user account.
To remove an access key from a mobile device, use the menu in the app to go to Settings > Key. There, you will see all available keys and can remove these by clicking on the trash can icon.
To remove keys in My ELSTER, go to "My user account > Manage ElsterSecure login option". You can remove the connection here.
If you have lost your device or can no longer use it
If you can no longer use your device, you should remove the connection to the device in your My ELSTER account. Log in to My ELSTER using another access method and go to "My user account > Manage ElsterSecure login option". Here, you can see and delete your connected devices.
If you do not have another access method, you must renew your access to My ELSTER. Go to the login page and click on "Lost your smartphone?". Unless stated otherwise, this immediately blocks all existing access keys.
Add another/new device
If you wish to add another device, log in to My ELSTER and go to "My user account > Add a ElsterSecure login option". After successfully adding a new device, you can remove previous connections under "Manage ElsterSecure login option".
See "What do I do if I lose my device or want to set up a new device?"
Note: Migration assistants for Android or iOS ensure that the ElsterSecure app is installed on your new device but they do not transfer access keys. As these are a security feature, they cannot be exported from your old device.
To meet ELSTER’s high security standards, the ElsterSecure access key is protected using the smartphone’s/tablet’s security mechanism. The ElsterSecure keys are closely linked to the process chosen to unblock your device. This means that the ElsterSecure key can no longer be used after removing the display lock or biometric data (facial recognition, fingerprint) – even if the display lock protection settings on the device are the same as before.
In this case, you need to set up ElsterSecure on this device again (see "How do I set up ElsterSecure?").
If ElsterSecure is your only valid access method, please use the "Renew access" function.
In this case, please contact ELSTER support and provide the log data from the ElsterSecure app. You can forward the log data from the app under "Support" in the menu. If you cannot use the direct e-mail function, as an alternative you can use the "Share log data" function and then, for example, select your preferred e-mail app.
ELSTER does not recommend operating your device without a display lock. Nonetheless, it is possible to use ElsterSecure without a display lock. However, you must create a password when first setting it up. You must enter this password every time you log in to ELSTER in order to use the ElsterSecure access key.
Removing ElsterSecure access keys from your user account in My ELSTER does not automatically remove the access keys on your devices.
If you have ElsterSecure access keys on your device that you no longer need, you can remove these in the app under "Settings > Keys".
In some cases, it is not yet possible to add ElsterSecure for technical reasons. ElsterSecure will be available for all accounts shortly.
To log in on the same device on which the app is installed, a button for logging in is displayed instead of the QR code. Click on the button to open the ElsterSecure app.
If you also see the QR code and no button on your smartphone or tablet, please check whether the setting "Show desktop website" or similar is set on your device. Please deactivate this, as the button is only displayed in the mobile version.
ElsterSmart
ElsterSmart is a mobile application that enables the use of an Elster certificate on mobile devices. It will be replaced by the hugely simplified ElsterSecure app.
No certificate file is required for ElsterSecure. The use of ElsterSecure is described in the section entitled App ElsterSecure.
ElsterSmart has already been replaced by ElsterSecure . ElsterSmart will no longer be available for login after 07/19/2023. You can then export your certificate and use it on a PC to log in. To do this, follow the section How do I export the certificate file from ElsterSmart?.
The use of ElsterSecure is described in the section entitled App ElsterSecure.
You can select the menu item "Settings" in the public area (before login) and in the private area (after login) of ElsterSmart via the three-line navigation ("Hamburger Menu"). After selecting the menu item "Settings", you have the option to select "Export certificate".
Following this selection, you must enter the password of your certificate file and click on "Start export". You will then receive a message confirming a successful export, which can be confirmed with "OK".
In the private area, it is not necessary to enter the password.
Note: In newer iOS versions (iPad, iPhone), iOS automatically moves the file to a certificate store. You cannot continue to usethe file from there. We, therefore, recommend exporting with a stationary device (PC, laptop).
Settings in the browser
For security reasons, the use of My BOP is prevented with a browser that blocks cookies.
Please refer to the documentation of your browser or the websites of the browser manufacturer to find out how you can activate cookies in your browser.
In addition, it is possible to allow cookies only for selected websites, if you want to do this for security reasons only for www.elster.de.
Note: My BOP uses only temporary cookies, also called session cookies, which are automatically removed from your computer after the browser is closed. These contain no personal data, but only the number of your current user session.
Problems using firewall or proxy
When using a Microsoft Proxys with NTLM or Windows integrated authentication, the access protection for access must be removed with https (port 443) on www.elster.de.
When using a firewall, access to the host www.elster.de, Port 443, Protocol TCP must be enabled.
Under Ubuntu Linux the log file of the firewall should be checked (for "Uncomplicated Firewall" this is /var/log/messages). If access to My BOP is blocked, you will find info as to which firewall rule is causing the blockage.
Type of login - change of certificate / certificate renewal
Each electronic certificate has a validity period. The expiration of a certificate is thus a normal process. The validity period begins with the issue of the certificate. For Certificate File and Security Stick, the validity period begins with the issue of the final certificate at step 2 of the registration. In this case the certificates are valid for 3 years. The validity period of a signature card usually begins when the card is produced during personalization.
If you have received an Email notifcation by My BOP about the upcoming expiration of your certificate in your certificate file or security stick, please simply log in. Your certificate will be renewed automatically.
If the validity period of your signature card expires soon, you can assign a different signature card to your user account. To do this you will need new activation data before the expiration of the previously used signature card, which you can request (after login) in the private area under "Services".
The following table shows the options for extending or changing your certificate. For technical reasons, not all variants can be offered.
From, to | Certificate file | Security Stick | Signature card |
---|---|---|---|
Certificate file | renewal | No change | No change |
Security Stick | change | Change + extension | No change |
Signature card | change | Change | Change ¹ |
¹ - It is not possible to renew the certificate stored on a signature card. You must purchase a new signature card to make this change. However, the issuer of your previous signature card can usually issue you a new card with a new validity period. Likewise, you can switch to a new signature card for authentication from another provider.
If you have logged in with a signature card, you can request activation data for your new certificate under "Forms / Services" and "Certificate change". You will receive the activation code in your inbox in My BOP, the activation ID will be sent to you by Email. Please save the document with the activation code from the inbox on your hard drive. You need this to complete the process in the public domain. If you want to switch to a certificate file, you can immediately complete the certificate change. You cannot complete the change to another signature card until you have received it. You can change the type of login or certificate in the public area under "My user account".
All user account settings, user details, profiles, drafts, and inbox messages are preserved.
At the time of the certificate change, no orders may be in progress. Save the received messages in the inbox on to your computer, and then perform the certificate change.
If the certificate is renewed, all data stored in your user account (drafts, inbox messages, settings, profiles) will remain unchanged.
You will be notified by Email several weeks before your certificate expires. If you use the login option with certificate file or security stick, it is recommended that you log in in a timely manner, at which time the certificate is automatically renewed. If you use the login option with a signature card, it is advisable to obtain a follow-up card from the issuer of your signature card at an early stage.
After a certificate has expired, it is no longer possible to log in to My BOP. Initially, you will no longer have access to your data in the private section. To be able to use My BOP again, you must renew your access. When you do this, new activation details will be sent to you (by post and e-mail), and you will receive a new certificate after entering these details. With this new certificate, you can now log into your user account again as usual. User accounts are not deleted automatically on expiry of a certificate.
Please note that queries regarding tax accounts and the necessary application for activation for tax account queries is only possible with a signature card. For example, if you change from a signature card to a certificate file, these services will no longer be available. Details on the permissions of each login option can be found in the section "Which type of registration is right for me?".
Renewing a certificate does not change permissions on the certificate file and security stick. With a signature card, it is not possible to extend the stored certificate. You must purchase a new signature card and change the certificate registered with My BOP.
It is recommended to complete the change as soon as possible. For technical reasons, there is no guarantee that the activation data will be valid for more than 30 days.
The change from a signature card to a security stick or a certificate file cannot be reversed. If you want to use a signature card again in the future, a new registration is necessary. In contrast, a direct change from one signature card to another is possible without re-registration.
1. Saving a new certificate
In the course of the certificate renewal, you will be offered a new certificate file for download. The created certificate file should be saved. If you use your browser in the default setting, your certificate will be stored in the browser's download directory. If a file with the same name already exists in the download directory, the file name of the new certificate file is assigned a serial number by the browser in order not to overwrite the existing file.
If you have set the option for manual selection of the storage location in the download settings of the browser, a browser dialog opens, and you can choose the storage location yourself. The option "Open" must not be selected here.
2. Move the file to a directory of your choice and note the location
3. Updating existing copies
If the certificate file extension is completed, the existing certificate file (pfx file) and its copies will no longer be functional. You must replace them with copies of your new pfx file. We strongly recommend that you make a backup copy of the new certificate file and keep it safe.
If you click on the "Extend Certificate" button, after entering your password, you will be offered the extended certificate as a new pfx file for download. Then you should log in immediately with the extended certificate.
If errors occur after clicking on the button "Extend Certificate", there is no cause for concern. In any case, you can either log in with your previous pfx file or with the already updated pfx file. First, try the updated pfx file. If this fails, use your existing pfx file and start the renewal process again.
The help area on the right side of the homepage of My ELSTER shows how long the certificate you have logged in with is still valid. If this date is more than two years in the future, the extended certificate was successfully imported.
The keys of your certificate are not changed by the import of the extended certificate. You can still read all the data that was encrypted with the old certificate and open the saved drafts.
Help for registration
There are currently three ways to register with My BOP. These differ according to the device or medium, through which the user Authentication is performed at log in:
- Login with certificate file
- Login with security stick
- Login with signature card
Technical information on the individual procedures can be found at Data Security / Security.
First of all, you should check which tax processes you want to process with My BOP before deciding on a registration type. Further information on the tax services offered in My BOP can be found under "Services".
In addition, the technical equipment of your computer is crucial. You need for
- Login option certificate file: no additional hardware
Login option security stick: a security stick (Online shop) and USB port
- Login option signature card: a supported signature card and a card reader
Technical information on the individual procedures can be found at Data Security / Security.
The download function of the browser is used to save the certificate file. Your certificate file is saved in the download directory of the browser in a file with the extension .pfx or .PFX. The default setting for the download directory for most browsers is the "Downloads" subdirectory of the home directory (for Windows, for example, C: \ users \ <User name>). You can, however, change the setting for the download directory of your browser in the browser settings.
If you cannot find the certificate file in the download directory, please perform step 2 of the registration process again. If you are using the Internet Explorer browser, please make sure you save the certificate file by saving the window that opens with “Would you like to open or save www.ester.de" then click on "Save". If you have previously clicked on "Open" or "Cancel", please repeat step 2 of the registration and click "Save" after the key is generated.
Questions about the login with identity card
There is no need for you to be sent the activation ID by e-mail or the activation code by post. You no longer have to wait several days to receive the activation code, and you get a user account in just a few minutes.
To be able to log in with your identity card, the eID function must be activated and you must have replaced the associated activation PIN (transport PIN) with a self-assigned PIN. Only then is your identity card activated. In addition, you need a suitable identity card reader and a certified driver. Further details on the identity card can be found on the website http://www.personalausweisportal.de.
Note on activation: Unfortunately, your identity card cannot be activated in My BOP. To do this, please contact the authority responsible for you (municipality or regional administrative office).
You can also use AusweisApp2 to activate your identity card. Further information on AusweisApp2 can be found at https://www.ausweisapp.bund.de/.
Yes, it is now possible to use the identity card to log in. No additional certificate file is required.
When using your identity card, the PIN can be entered incorrectly twice in succession. If the PIN has to be entered for a third time, it must be activated by entering the access number (CAN) beforehand. The access number (CAN) is imprinted on the front of the new identity card, on the right next to the expiry date.
When logging in with your identity card, the eID function is blocked if the eID PIN is entered incorrectly three times in succession. To unblock the eID function, you need your PUK, which the Bundesdruckerei sent to you by post. Please note that unblocking via PUK is unfortunately not possible in My BOP. To do this, please contact the authority responsible for you (municipality or regional administrative office). You can also use AusweisApp2 to reactivate your identity card via PUK. Further information on AusweisApp2 can be found at https://www.ausweisapp.bund.de/.
Unfortunately, the eID PIN of your identity card cannot be changed in My BOP. To do this, please contact the authority responsible for you (municipality or regional administrative office). You can also use AusweisApp2 to change the eID PIN of your identity card. Further information on AusweisApp2 can be found at https://www.ausweisapp.bund.de/.
Yes, My BOP supports the electronic residence permit (eAT).
Further information on the electronic residence permit can be found at http://www.bamf.de/DE/Willkommen/Aufenthalt/eAufenthaltstitel/e-aufenthaltstitel-node.html.
Internet Export declaration-Plus
The IAA-Plus can only be transmitted electronically via the Customs Portal. An electronic transmission via the BOP portal is not possible.
In connection with the introduction of ATLAS export (release 2.0), since May 4, 2009, it has been possible to fill out online export declarations and submit them with an electronic certificate if the export consignment is registered with a German export customs officet.
The Customs Administration uses the ELSTER certificate already accepted by all federal states for paperless tax returns, thus making it possible to waive the signature. With the electronic certificate, the customs authorities can determine from whom incoming export declarations originate and at the same time return all customs decisions for the transfer of goods in the export procedure back to the sender. For the first time, economic operators will be able to handle all major simplifications via the Internet in a completely paperless manner. The submission of a handwritten signed export declaration at the export customs office is no longer required. Replies from the export customs office will be sent to the person concerned.
Customs also offer the option of assigning a personal tax number to the customs number of the respective organization via a personal ELSTER certificate. Thus, an organization that cannot provide credentials (0.00 € values) can be "represented" by dedicated staff with a personal ELSTER certificate and personal tax number.
This must be requested and recorded via the following customs form: 0870 Participant master data, address entry and notification.
The tax number with which the ELSTER certificate was requested must be entered in box 22.
Thus, the requirement for the use of the IAA-Plus and the required condition that the taxpayer's ID must be deposited in the master data of the customs, which underlies the ELSTER certificate, in order to establish a connection between the IAA-Plus user and the certificate holder is fulfilled.
If you have technical questions about the IAA-Plus or problems using it, the Service Desk at the Centre for Information Processing and Information Technology is at your disposal.
- Phone: 0800/800-75451
- Email: servicedesk@itzbund.de