Hopp til hovedinnhold
Hopp over innholdsfortegnelsen

Beste praksis for passordadministrasjon ved bruk av ID-porten

This guide provides best-practice recommendations for managing user passwords, focusing on replacing legacy SMS methods with the more secure and user-friendly ID-porten service.

Oversikt

Historically, many organizations have used SMS for password distribution and recovery. We strongly recommend phasing out this method. Distributing passwords via SMS is insecure and creates a difficult experience for the user.

By using ID-porten, you can eliminate these issues and improve the overall process for password management. We have two key recommendations.

Recommendation 1: Replace SMS for Password Recovery

Our primary recommendation is to stop using SMS as an option for password recovery.

  • The Problem with SMS: Security policies now require long and complex passwords. It is very difficult for a user to correctly receive and type a password like Xe6W3DpqNmTeEEYh from an SMS message.

  • The Solution with ID-porten: Using ID-porten is much simpler. It allows employees who have forgotten their password to securely verify their identity and set a new password themselves.

Contact Identum support and request to have the SMS password recovery option deactivated for your organization.

Recommendation 2: Improve Onboarding for New Users

Instead of sending complex initial passwords to new employees via SMS, use ID-porten to create a better first-time login experience.

  1. Send a Link, Not a Password: Send the new employee an SMS containing a direct link to the "Forgot Password" page.

  2. User Self-Service: The user clicks the link, authenticates with their personal ID-porten identity, and immediately chooses their own password for their new work account.

  3. Combine with Email: For the best results, supplement the SMS with a welcome email that provides more detailed information about their new account and resources.

Example Workflow Message

Below is an example of an SMS message that directs a new user to activate their account using this workflow.

Hello,

Welcome to Utfjord municipality!

A user account has been created for you. Please go to the following link to activate it:

https://mega.eadm.no/#/pw/NO230278234

More information has been sent to your private email address.

Regards, Utfjord IT

JavaScript-feil oppdaget

Vær oppmerksom på at disse feilene kan avhenge av nettleseroppsettet ditt.

Hvis problemet vedvarer, vennligst kontakt vår support.

Kontakt Support Lukk