Otp Test Cases: In this post, we discuss test cases for OTP (one-time password). To write the test cases for the OTP, we need to understand how the system works.
The OTP system works on both email and SMS on a mobile device. Depending on where you wish to test it, the test cases will be different. When you go for an interview then you may face the same questions in different manners like otp test cases, test cases for otp, otp verification test cases, test cases for otp verification, otp testing, otp test scenarios, and many more. Let’s first discuss how the OTP works in general.
|Post On:||OTP Test Cases|
|Post Type:||Test Case Template|
|Applicable For:||Freshers & Experience|
|Join Here For Updates||Testing Telegram Group|
What is OTP?
OTP is an abbreviation of the one-time password. OTP is used for the verification of mobile numbers or emails. Mostly OTP is widely worldwide used for registration and the transfer of payments.
How does it Work?
OTP one-time password is generated and sent to the user on a mobile number or on an email address. The user adds the OTP code and verifies it.
Similar Test Cases
- Test Case For Login Attempts
- Test Case For Login Page
- Test Case For Logout Page
- Test Case For Online Book Shopping
- Test Case For Online Editor
- Test Case For Online Examination System
Why use OTP?
- OTP is used to verify the user.
- OTP reduces the chances of fraud by sending OTP on the mobile number to the user on a physical device.
- Easy and Instant user registration and login.
- Secure payments
How To Test OTP Verification?
Let’s assume the OTP system is implemented on the handicraft store online. Users purchase a product and proceed to pay for it. And when he reaches the payment section, the system asks for the debit card or net banking details. Once he enters that into the system, the OTP is triggered.
The SMS message is sent from the server to the user’s mobile phone. When a user comes the code into the system, it is sent to the server. Once it reaches the server, then the code is then matched with the system entry. If it matches, the system allows the user to mark the transaction as successful. If the code doesn’t match, then the transaction is denied.
You can check out the image below to see how the normal SMS-based OTP system works. If you replace SMS with email, still the system should work in the flow displayed in the image.
Test Cases For OTP
- Check whether the generated OTP is valid from one time or not.
- Check if is there any limitation for Generating the one-time password for single authentication.
- Check if the one-time password is generated within the time period or not.
- Check the number of times the one-time password code generated should not be more than required as per the requirement document.
- Check whether the OTP is delivered to the requested user within time or not.
- Check the one-time password (OTP) should be delivered to the registered email id or contact number.
- Check the time duration in which the user received the OTP-generated code sent by email.
- Check the time duration in which the user received the OTP-generated code sent on mobile.
- Check by providing the OTP, the application must accept the code successfully.
- Check the number of times a user can enter the invalid OTP.
- Check OTP code should expire after the time allowed by the application or software.
- Check if the user is able to log in with the expired OTP.
- Check after multiple invalid tries, and verify that the system temporarily blocks the account.
- Check by entering the invalid Phone Number or E-Mail address and submit the OTP. Check the validation.
- Check when the user receives multiple OTP, with the last received password the user should be able to login into the application.
- Check on entering the valid OTP, and whether the correct info message is displaying or not.
- Check on entering the invalid OTP, the error info message is displaying or not.
- Check if the user can request a new OTP code by clicking on the link or button resend code.
- Check if the user should be temporarily blocked or not in case it requests for new OTP code again and again.
- Check whether the OTP is case-sensitive or not.
- Check if the one-time password is only numeric or alphanumeric.
- Check if is there any pause time to resent the OTP again.
These are some of the test scenarios and cases that you can try for the OTP system. Most of the OTP systems these days are used in E-commerce and bank applications. You may find the cases will be different based on the type of OTP module used.
If you think I have missed any test scenarios or test cases, then do let me know in the comments. I’d appreciate it if you share the post on social media.