The purpose of blocking a user from resetting their password after successful reset

anniec
Tera Contributor

‎02-28-2024 09:07 AM

We recently had a couple users run into the same issue of forgetting their password after they just unlocked their account. So after successfully resetting their password, a few hours later they try to reset their password again. This led to them receiving emails that told them they're not able to access due to account being blocked.

 

After searching I found this article: Unable to reset the password of a user the second ... - ServiceNow Community

So now I know that there is a Reset Password property called "Number of minutes a user needs to wait to reset/change password after the last successful reset/change" and "unlock account". We want to reduce this time from the default 24 hours, but before I do, I wanted to know why this feature was added. 

 

What is the purpose of blocking a user from resetting their password again after a successful reset? Is it a security concern? If it is there to stop certain kinds of cyber attack, I'd like to know that so we can make the decision fully informed. 

0 Helpfuls
  • 705 Views
2 REPLIES 2

Sumanth16
Kilo Patron

‎02-28-2024 09:41 AM

Hi @anniec ,

 

Please refer to below thread:

https://www.servicenow.com/community/developer-forum/i-would-like-to-know-the-checking-mechanism-whe...

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0745424

 

If I could help you with your Query then, please hit the Thumb Icon and mark it as Correct !!

 

Thanks & Regards,

Sumanth Meda

0 Helpfuls

anniec
Tera Contributor
In response to Sumanth16

‎02-28-2024 10:07 AM

Hi @Sumanth16

Thanks for responding. I did also see the first doc, but it only has the same information as the official docs, and not the rationale behind why this option is there.

The 2nd article is about password history limit and not about a user needing to wait before they can reset their password after a successful reset.

0 Helpfuls