Using Password (2 Way Encrypted) type field to store instance login password - Support and Troubleshooting

Using Password (2 Way Encrypted) type field to store instance login password Issue Users occasionally ask if the field type used to hold the users' login passwords may be changed to Password (2 Way Encrypted) type or not. This document provides specifics regarding the same's viability.

Details The default procedure is to log in using the username and password listed in the sys user record when there are no SSO or LDAP connections available for authenticating the user to a ServiceNow instance. The Password (1 Way Encrypted) type describes the password field. It is therefore One Way Encrypted and impassable to decryption.

ServiceNow, however, offers a different kind of field, called Password (2 Way Encrypted). Passwords are stored in this text field using two-way encryption. A secure encrypted value that can be decrypted programmatically within the instance is how two-way encryption stores the password. Form variables can be encrypted using Password 2 technology. Reference: Password (2 Way Encrypted) design considerations

It would not be advisable for the customer to switch the field type from 1-way encryption to 2-way decryption. It appears that there is no way to switch the password field to another field. This cannot be customized because it is internal.

Related Links Here is some product documentation that is available for the field types and configuring the 2 Way Encryption field for various uses.

Field Types Encryption Contexts