Password Policy Help

joelmcm · ‎06-08-2023

Hi all,

Is there a way to update the password policy to include a maximum length of 5 lowercase characters?

The full requirements:

Minimum Password Length: 8
Minimum Uppercase Characters: 1
Maximum Lowercase Characters: 5
Minimum Numeric Characters: 1
Minimum Special Characters: 1

Thanks!

Saurav11 · ‎06-08-2023

Hello,

Change your password strength preset to custom then you will be able to update it.

Please mark my answer as correct based on Impact.

joelmcm · ‎06-08-2023

Hi,

Thanks for your reply, however I have tried this. There is no option for Maximum Lowercase Characters.

Is there any way this can be done?

tannerro · ‎01-20-2024

For anyone looking for a more elaborate policy password, in particular rule 7, to exclude any passwords that contain certain words (foo or bar). This behaves differently to the excluded password list of direct matches.

//ADD RULES LIKE THIS 'var rule1 = {'hint': gs.getMessage('Minimum 8 characters'),'regex':'^.{8,}$'};' 
//AND PUSH THEM IN THE RULES ARRAY FOR ADDING NEW RULES.  
(function executePasswordRuleScript() { 
var rules = new Array(); 
var rule1 = {'hint': gs.getMessage('Minimum 9 characters'),'regex':'^.{9,}$'}; 
var rule2 = {'hint': gs.getMessage('Minimum 1 lowercase character'),'regex':'((.*?[a-z]).*?)'};
var rule3 = {'hint': gs.getMessage('Minimum 1 uppercase character'),'regex':'((.*?[A-Z]).*?)'}; 
var rule4 = {'hint': gs.getMessage('Minimum 1 number'),'regex':'((.*?[0-9]).*?)'};  
var rule5 = {'hint': gs.getMessage('Minimum 1 special character'),'regex': '((.*?[@$#!%^&*]).*?)'};
var rule6 = {'hint': gs.getMessage('Maximum 100 characters'),'regex':'^.{0,100}$'}; 
var rule7 = {'hint': gs.getMessage('Do not include "rest" or "super"'),'regex': '(?i)^((?!foo|bar).)*$'}; 
rules.push(rule1, rule2, rule3, rule4, rule5, rule6, rule7); 
return rules; 
})();

chetanb · ‎01-20-2024

Hello @joelmcm

Have a look -https://docs.servicenow.com/bundle/vancouver-platform-security/page/integrate/authentication/task/enable-password-policies.html

Note: The Password Policy plugin (com.glide.password_policy) is enabled by default. The policy goes into effect when a user changes or resets the password.

The Password Strength Preset field is automatically set to Default Strong. If you want to add new criteria, you can perform the following procedure.

Procedure

Navigate to All > Password Policy > Password Policies.

Click New.

Specify the Name for your password policy.

In the Password Policy Criteria section, select one of the following presets from the Password Strength Preset field.

5. To change the password policy navigate to All > Password Reset > Credentials Stores, select the credentials

PFB for password change policy.

Please mark my answer correct and helpful if it solves your problem.

Regards,