Enable a deny-list password validation check

  • 릴리스 버전: Australia
  • 업데이트 날짜 2026년 03월 12일
  • 소요 시간: 2분

    • Manage the deny-list passwords in the Excluded Password table.

    Use the glide.enable.blacklist_password property to monitor deny-list passwords. When the property is set to true, the user's password is checked against a specific list of deny-listed passwords. This denial prevents users from using a password from a set of breached passwords. You can maintain the list by inserting passwords into the Excluded Password [blacklisted_password] table. ServiceNow provides a small, medium, or large password list that can be inserted to the Excluded Password table through the UI page found at All > Password Policy > Exclusion List Management. ServiceNow installs the small list of 5,000 passwords to new instances.

    Ensure that the glide.enable.blacklist_password system property is set to true and that the Excluded Password [blacklisted_password] table contains a minimum of 5,000 records.

    More information

    Attribute Description
    Configuration name glide.enable.blacklist_password
    Configuration type System Properties (/sys_properties_list.do)
    Data type Boolean
    Recommended value true
    Default value true
    Fallback Value false
    Category Authentication
    Security risk
    • Severity score: 5.9
    • CVSS score: Medium
    • Security risk details: Attackers often target commonly used or previously exposed passwords. This can lead to account compromise through credential stuffing or brute-force attacks. Enforcing deny-listed password checks strengthens authentication security and reduces exposure to credential-based attacks.
    Functional Impact Some users may have difficulty selecting a password.
    Dependencies and prerequisites None
    References Exclude passwords through password policies on your instance