Password Reset release notes

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Password Reset Release Notes Washington DC

    The ServiceNow® Password Reset application facilitates password management by allowing end users to reset and change their passwords through self-service or with assistance from service desk agents. The Washington DC release introduces several enhancements to improve security and user experience.

    Show full answer Show less

    Key Features

    • Soft PIN Expiration Settings: Administrators can configure expiration settings for Soft PINs, including setting the expiration period and sending reminder notifications to users.
    • Security Score Monitoring: Administrators can view the security score of their Password Reset processes, receiving notifications for potential improvements based on configuration assessments.
    • Reset Password Email Limits: Use the passwordreset.request.maxemail property to control how many reset links a user can receive via email within 24 hours.
    • Access Restrictions: The Self-Service and Service Desk Password Reset experience for securityadmin users is now restricted to enhance security measures.
    • Deprecation of 3DES: The use of 3DES encryption and decryption in Password Reset workflows has been deprecated.

    Key Outcomes

    With these enhancements, ServiceNow customers can expect a more secure and user-friendly password management experience. Administrators will have better control over password policies and security assessments, ultimately leading to improved compliance and risk management within their organizations.

    The ServiceNow® Password Reset application helps your end users reset and change their passwords either using self-service or with the help of a service desk agent. Password Reset was enhanced and updated in the Washington DC release.

    Password Reset highlights for the Washington DC release

    • Let your users experience the improved security of Soft PIN conforming to its expiration. As a Password Reset administrator, configure the Soft PIN expiration settings for an assured and secured Soft PIN enrollment.
    • View the security score for your Password Reset processes. Based on the score, you get notifications for potential configuration improvements to the processes.
    • Use the password_reset.request.max_email property to set the maximum number of times a user can receive the "Reset Password" link through email, in a span of 24 hours.

    See Password Reset for more information.

    New in the Washington DC release

    Experience improved expiration settings of Soft PIN

    Give your users the experience of secured Soft PIN enrollment. While enrolling for the Soft PIN verification, they can view the number of days in which the Soft PIN expires. While resetting the Soft PIN, users view the rules that their Soft PIN must comply with. Also, users get email and ServiceNow® Virtual Agent notifications when their passwords are about to expire.

    As a Password Reset administrator, you can configure the Soft PIN expiration settings such as setting the number of days when the passwords expire, the frequency of sending password expiration reminder emails, and history policies on Soft PIN.

    These settings are enabled by default even if you've upgraded Password Reset from the previous version.

    View the security score for your Password Reset processes

    View the security score for your Password Reset processes. Based on the score, you get notifications for potential configuration improvements to the processes.

    While creating the Password Reset process, view security scores for the process. If you see any deviations between the maximum attainable and current scores, you get an email with an actionable list of recommendations to improve the configuration. You get informative messages indicating whether the process configuration is ideal.

    Evaluate configurations for identification and verification steps. If your configurations are less secure, get process-wise actionable suggestions on how to improve the strength.

    Note:
    Starting Washington DC, the Self-Service or the Service Desk Password Reset Experience is restricted for security_admin users. Only a user with the security_admin role can set the password of another security_admin user using the sys_user record to further enhance the security.

    Deprecations

    The 3DES encryption and decryption have been deprecated in the Password Reset flows and workflows.

    Activation information

    Password Reset is a ServiceNow AI Platform feature that is active by default.

    Related ServiceNow applications and features

    Virtual Agent
    Learn more about Virtual Agent support for Password Reset. For more information, see Password Reset for Virtual Agent.
    Password Reset Windows Application
    The ServiceNow® Password Reset Windows Application enables a user who forgets their password or is locked out of a Windows computer to reset the password directly from the Windows login screen.