This guide provides best-practice recommendations for managing user passwords, with a focus on replacing legacy SMS methods with the more secure and user-friendly ID-porten service.
Overview
Historically, many organizations have used SMS for password distribution and recovery. We strongly recommend phasing out this method. Distributing passwords via SMS is insecure and creates a poor user experience.
By using ID-porten, you can eliminate these issues and improve the overall password management process. We have two key recommendations.
Recommendation 1: Replace SMS with Password Recovery
Our primary recommendation is to stop using SMS as a method for password recovery.
- The Problem with SMS: Security policies now require long and complex passwords. It is very difficult for a user to correctly receive and type a password like Xe6W3DpqNmTeEEYh from an SMS message.
- The Solution with ID-porten: Using ID-porten is much simpler. It allows employees who have forgotten their password to securely verify their identity and reset their password themselves.
Contact Identum support and request that the SMS password recovery option be disabled for your organization.
Recommendation 2: Improve the Onboarding Process for New Users
Instead of sending complex initial passwords to new employees via text message, use ID-porten to create a better first-time login experience.
- Send a Link, Not a Password: Send the new employee a text message containing a direct link to the "Forgot Password" page.
- User Self-Service: The user clicks the link, authenticates using their ID-porten identity, and immediately sets their own password for their new work account.
- Combine with Email: For best results, follow up the SMS with a welcome email that provides more detailed information about their new account and available resources.
Example Workflow Message
Below is an example of an SMS message that instructs a new user to activate their account using this workflow.
Hello,
Welcome to Utfjord Municipality!
A user account has been created for you. Please click the following link to activate it:
https://mega.eadm.no/#/pw/NO230278234
More information has been sent to your personal email address.
Best regards, Utfjord IT