How are user passwords secured

solymyr
Kilo Expert

I was wondering if you could tell me more about the measures taken by Service-Now to protect and secure passwords from users. Where are these passwords stored? What kind of encryption is used? Were is to key for the encryption located....

3 REPLIES 3

Atul Kumar2
Giga Guru

Hi Soly,



The encryption key itself is encrypted with a key that is stored in the program, not in the database. and service now support below 3 format for encryption.



AES 128 Bit


AES 256 Bit


Tripple DES



If you want your instance to be encrypted for the user credentials then you can use the contextual encryption by enabling the below plugin.



Encryption Support.



Probably this link would be helpful.


Encryption Support - ServiceNow Wiki


Hope this helps you.



Regards,


Atul Kumar



Hi Atul,



Your post is helpful to know that Servicenow supports other encryptions for storing Discovery creentials. Can you please ellaborate how I can go for AES 128. Do I need to request SErvicenow to go for AES? Or this is something I can simply change some configuration in my instance. Kindly provide more details.


sergiu_panaite
ServiceNow Employee
ServiceNow Employee

Hi Soly,



The passwords used for local authentication are stored in ServiceNow instance database as element type "password and are hashed with "SHA-2" algorithm which is then "salted " to strengthen the protection.



Regards,