How are user passwords secured

solymyr
Kilo Expert

‎04-20-2016 07:33 AM

I was wondering if you could tell me more about the measures taken by Service-Now to protect and secure passwords from users. Where are these passwords stored? What kind of encryption is used? Were is to key for the encryption located....

0 Helpfuls
  • 5,009 Views
3 REPLIES 3

Atul Kumar2
Giga Guru

‎04-20-2016 07:51 AM

Hi Soly,



The encryption key itself is encrypted with a key that is stored in the program, not in the database. and service now support below 3 format for encryption.



AES 128 Bit


AES 256 Bit


Tripple DES



If you want your instance to be encrypted for the user credentials then you can use the contextual encryption by enabling the below plugin.



Encryption Support.



Probably this link would be helpful.


Encryption Support - ServiceNow Wiki


Hope this helps you.



Regards,


Atul Kumar



bhanupratap2203
Kilo Expert
In response to Atul Kumar2

‎12-19-2017 08:10 AM

Hi Atul,



Your post is helpful to know that Servicenow supports other encryptions for storing Discovery creentials. Can you please ellaborate how I can go for AES 128. Do I need to request SErvicenow to go for AES? Or this is something I can simply change some configuration in my instance. Kindly provide more details.


0 Helpfuls

sergiu_panaite
ServiceNow Employee
ServiceNow Employee

‎04-20-2016 07:59 AM

Hi Soly,



The passwords used for local authentication are stored in ServiceNow instance database as element type "password and are hashed with "SHA-2" algorithm which is then "salted " to strengthen the protection.



Regards,