Password reset security questions expiration

jtorres · ‎05-11-2017

Hello everyone.

We recently implemented Password Reset in our company and we're using the security questions verification as mandatory, our users have to select 5 questions when they enroll in the Password Reset process, 3 of which are displayed to them when they have to verify themselves, in order to be able to reset their password.

Security team was wondering, is there a way for us to set an expiration date or something like that to those verification questions? for example, "after 6 months of being enrolled into the process the user has to change its security questions" or something like that.

I couldn't find anything in the subject. So anykind of info is appreciated.

Thanks and regards.

sachin_namjoshi · ‎05-11-2017

Hi,

As of now, only following system properties are available for password reset.

Configure Password Reset properties

But, there is no system property to change security questions every 6 months.

You will have to implement custom logic for prompting user to change security questions every 6 months.

Regards,

Sachin

jtorres · ‎05-11-2017

Thanks for your answer Sachin, I understand. In that case my question changes

Do you have any idea of how could we do that? How can we add that feature to our process or our instance?

@all Community: Has anyone implemented anything to add an expiration to security questions?

Regards!.

sachin_namjoshi · ‎05-11-2017

In password reset process, user need to enroll first and record is created in pwd_enrollment table.

http://wiki.servicenow.com/index.php?title=Enrolling_in_Password_Reset#gsc.tab=0

You can create scheduled script to clean user enrollement records from pwd_enrollment table every 6 months so that users will have to enter new security questions and answers every 6 months.

Regards,

Sachin