Skip to main content
Skip table of contents

Best Practices for Password Management Using ID-porten

This guide provides best-practice recommendations for managing user passwords, focusing on replacing legacy SMS methods with the more secure and user-friendly ID-porten service.

Overview

Historically, many organizations have used SMS for password distribution and recovery. We strongly recommend phasing out this method. Distributing passwords via SMS is insecure and creates a difficult experience for the user.

By using ID-porten, you can eliminate these issues and improve the overall process for password management. We have two key recommendations.

Recommendation 1: Replace SMS for Password Recovery

Our primary recommendation is to stop using SMS as an option for password recovery.

  • The Problem with SMS: Security policies now require long and complex passwords. It is very difficult for a user to correctly receive and type a password like Xe6W3DpqNmTeEEYh from an SMS message.

  • The Solution with ID-porten: Using ID-porten is much simpler. It allows employees who have forgotten their password to securely verify their identity and set a new password themselves.

Contact Identum support and request to have the SMS password recovery option deactivated for your organization.

Recommendation 2: Improve Onboarding for New Users

Instead of sending complex initial passwords to new employees via SMS, use ID-porten to create a better first-time login experience.

  1. Send a Link, Not a Password: Send the new employee an SMS containing a direct link to the "Forgot Password" page.

  2. User Self-Service: The user clicks the link, authenticates with their personal ID-porten identity, and immediately chooses their own password for their new work account.

  3. Combine with Email: For the best results, supplement the SMS with a welcome email that provides more detailed information about their new account and resources.

Example Workflow Message

Below is an example of an SMS message that directs a new user to activate their account using this workflow.

Hello,

Welcome to Utfjord municipality!

A user account has been created for you. Please go to the following link to activate it:

https://mega.eadm.no/#/pw/NO230278234

More information has been sent to your private email address.

Regards, Utfjord IT

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close