Custom Password Requirements

Steven Herrmann · ‎01-19-2022

Hey there Everyone,

I was hoping to pick the brains of some great developers here to get some help and insights as to how to go about creating some very specific custom password requirements.

Here are the requirements:

1) Must be configured for immediate reset upon first use.

2) Must not be intentionally reset more than six (6) times in order to be set back to the original expired password.

3) Must not be comprised solely of a word that can be found in a dictionary.

4) Must not include data such as information about the user's family, pets, birthdays, addresses, phone numbers, locations, season/year, month/year, etc.

5) Must not include easily guessed terms such as "password" or obvious keyboard sequence (e.g. qwerty, 12345678, etc.).

Thank you all very much for any assistance you can provide in advance!

Hitoshi Ozawa · ‎01-20-2022

Following page contains information on properties that can be set on password policy.

1) set glide.apply.password_policy.on_login

5) glide.enable.blacklist_password

https://docs.servicenow.com/bundle/rome-platform-administration/page/integrate/authentication/refere...

Hitoshi Ozawa · ‎01-20-2022

"Password Reset" > "Credential Stores" offers other functionalities.

2) "Enforce history policy"

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0745424

3) "Enable password strength"

4) would be difficult because there would be a need to get personal information about the user.

A script may be written to check if the password is one of the personal information.

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0726960

Pamela Johnson · ‎09-16-2024

@Hitoshi Ozawa Would you please elaborate on your answer for item 3) Must not be comprised solely of a word that can be found in a dictionary. I have the same requirement. Thank you.