Set minimal password length to avoid compliance issues and reduce the risk of a successful brute force attack.
Password Policy plugin (com.glide.password_policy) is enabled by default. The policy goes into effect when a user changes or resets the password. The Password Strength Preset field is automatically set to Default Strong.
For Default Strong , OOB Minimum password length is 8.
ServiceNow recommends to enforce a minimum password length of at least 12 characters to avoid compliance issues and reduce the risk of a successful brute force attack
For that open the record on the Password Policy [password_policy] record table and set the Minimum Password Length field to at least 12. You can find the associated Password Policy record in the Password policy field of the Password Reset Credential Store [pwd_cred_store] record.
