Password Reset verifications
-
- UpdatedAug 1, 2024
- 4 minutes to read
- Xanadu
- Password Reset Application
Each verification specifies the method and process for verifying the identity of the user that is requesting a password reset.
Verifications included with Password Reset
The Password Reset application includes the following verifications in the base system. You can create a verification based on either a base-system verification or a verification type (a template).
| QA verification | Implements a self-service Password Reset model with questions that are included with the base system or custom questions that the admin defines. While enrolling for the process, the user decides which questions to provide answers for.
Questions are presented in the language that the user requested during login. When a user requests a password reset, the system poses a specified number of the questions that the user selected during enrollment. The user must answer all
questions correctly to verify their identity.
For information on the user enrollment experience, see Enroll for the Password Reset program using questions and answers. This verification is based on the Security Questions verification type. |
| Email verification | This verification relies on auto-generated code numbers. You typically implement email verification as a self-service Password Reset model. When a user requests a password reset, the system sends a verification code to an email address that the user authorized during enrollment. To verify identity, the user then submits the code on the Password Reset Verify page. For information on the user enrollment experience, see Enroll for the Password Reset program using emailed codes. The Password Reset Windows Application supports email verification. This verification is based on the Email Code verification type. By default, a six-digit email verification code is sent to the user through email. The code expires in 10 minutes. Users can attempt to send another code after two minutes. A maximum of 10 email verification codes can be sent to a user in one day. |
| SMS verification | Implements a self-service or service desk-assisted Password Reset model that relies on auto-generated code numbers. When a user requests a password reset, the system sends a code to an SMS-capable device that the user has authorized. To verify identity, the user then submits the code on the Password Reset Verify page. You can use the ServiceNow Notify feature to send the codes. For information on the user enrollment experience, see Enroll for the Password Reset program using SMS codes. This verification is based on the SMS Code verification type. When users enroll for email or SMS verification on the Password Reset Enrollment page, they get a code to verify their email address or device. After the users enter the code and select Verify, an associated record is automatically created in the Password Reset Enrollment for Verifications [pwd_enrollment] table even before they select Submit. By default, a six-digit verification code is sent to the user's mobile device. The code expires in five minutes. Users can attempt to send another SMS verification code to the device after two minutes. A maximum of 10 codes can be sent to a particular device in one day. Note: While the record is created automatically in the Password Reset Enrollment for Verifications [pwd_enrollment] table for the email or SMS verification, the associated enrollment check script doesn’t get processed unless users select
Submit. |
| Authenticator verification | Password Reset model that relies on auto-generated code numbers. Users typically implement authenticator verification as a self-service Password Reset model. When a user requests a password reset, the user reads a code from the authenticator app on a device that the user has paired. To verify identity, the user then submits the code on the Password Reset Verify page. For information on the user enrollment experience, see Enroll for the Password Reset program using an authenticator. The Password Reset Windows Application supports Google Authenticator verification. This verification is based on the authenticator verification type. |
| Personal Data — Confirm Email Address | Implements a self-service Password Reset model that relies on user information that is available in the user profile on the instance. This verification is based on the Personal Data Confirmation verification type. Note: Users can't configure this verification for the processes with the active public access. |
| Personal Data — Enter User Name | Implements a self-service Password Reset model that relies
on user information that is available in the user profile on the instance. This verification is based on the Personal Data verification type. |
| Soft PIN Verification | Implements a self-service Password Reset model that relies on a Soft PIN that's a six-digit number. Users can enroll for the Soft PIN verification for a process and reset the Soft PIN. ServiceNow® Virtual Agent supports the Soft PIN verification method. |
On this page
Related Content
- Configure password expiration reminder
You can configure the password reset expiration reminder feature to send notifications to change or reset a user’s password whenever it is going to expire.
- Credential stores for Password Reset
Credential stores hold user information such as user names and passwords that can be used as login credentials. Examples include the User table [sys_user] or an Active Directory server.
- Configure your Password Reset process to auto-enroll users
To simplify management, many organizations auto-enroll users in the Password Reset program. Every base-system verification type enables you to specify automatic enrollment for your process.
- Enable users to enroll for Password Reset
To enable users to enroll for the Password Reset program, you specify a UI macro that takes the user through the enrollment process and a script that processes the enrollment data that the user entered. The base system includes a functioning macro and script.
- Configuring Password Reset properties
You can specify properties that configure the Password Reset experience for end users.
- Send email to remind users to enroll for Password Reset
You can automatically send messages that remind users to enrolled in the Password Reset process. You specify the text of the message and can configure the messages to repeat at intervals.
- Configure the required strength for passwords
The password that a user defines must meet certain requirements — for example, it must contain at least 12 characters, it must include a numeral, and so on. You can configure the requirements as needed for your organization.
- Specify lockout for failed login attempts
The system provides inactive script actions that enable you to specify the number of failed login attempts before a user account is locked and to reset the count after a successful login.
- Configure Google reCAPTCHA for the password reset process
To use the Google reCAPTCHA service, instances that are running on a domain other than service-now.com require an API key pair from Google.
- Create a custom Password Reset verification
Use a verification type in the base system as a template to design a custom verification. The Password Reset Windows Application does not support custom verifications.
- Create a Password Reset verification from an existing verification
The Password Reset application includes several example verifications that you can use as they are or as the basis for a custom verification. If the verification types in the base system do not meet your needs, you can create a custom verification type.