What We Will Learn in This Post
Test Cases for One-Time Password: In this post, we discuss test cases for OTP (one-time password). To write test cases for OTP, we need to understand how the system works.
The OTP system works over both email and SMS on a mobile device. The test cases will differ depending on where you wish to test it. Let's first discuss how OTP works in general.
Post On: | Test Case For One-time Password (OTP) |
Post Type: | Test Case Template |
Published On: | www.softwaretestingo.com |
Applicable For: | Freshers & Experience |
What is OTP?
OTP is an abbreviation of one-time password. OTP is used to verify mobile numbers or email addresses. It is widely used worldwide, mostly for registration and the transfer of payments.
How does it Work?
A one-time password (OTP) is generated and sent to the user's mobile number or email address. The user enters the OTP code to verify themselves.
Why use OTP?
- OTP is used to verify the user.
- OTP reduces the chances of fraud by sending the code to the user's mobile number on a physical device.
- Easy and Instant user registration and login.
- Secure payments
How OTP works for Authentication
Let's assume the OTP system is implemented on an online handicraft store. A user purchases a product and proceeds to pay for it. When the user reaches the payment section, the system asks for debit card or net banking details. Once the user enters them into the system, the OTP is triggered.
The SMS message is sent from the server to the user's mobile phone. When the user enters the code into the system, it is sent to the server. Once it reaches the server, the code is matched against the system entry. If it matches, the system allows the user to mark the transaction as successful. If the code doesn't match, the transaction is denied.
You can check out the image below to see how a normal SMS-based OTP system works. If you replace SMS with email, the system should still follow the flow displayed in the image.
Test Cases For OTP
- Check whether the generated OTP is valid for one use only.
- Check whether there is any limit on generating one-time passwords for a single authentication.
- Check whether the one-time password is generated within the time period.
- Check that the number of times the one-time password code is generated is not more than the requirement document allows.
- Check whether the OTP is delivered to the requesting user in time.
- Check that the one-time password (OTP) is delivered to the registered email ID or contact number.
- Check how long it takes for the user to receive the OTP code sent by email.
- Check how long it takes for the user to receive the OTP code sent to the mobile.
- Check that the application accepts the code successfully when the OTP is provided.
- Check the number of times a user can enter an invalid OTP.
- Check that the OTP code expires after the time allowed by the application or software.
- Check if the user is able to log in with an expired OTP.
- Check that the system temporarily blocks the account after multiple invalid tries.
- Check by entering an invalid phone number or email address and submitting the OTP. Check the validation.
- Check that when the user receives multiple OTPs, the user can log in to the application with the last received password.
- Check whether the correct info message is displayed on entering a valid OTP.
- Check whether an error message is displayed on entering an invalid OTP.
- Check if the user can request a new OTP code by clicking on the resend code link or button.
- Check whether the user is temporarily blocked if they request a new OTP code again and again.
- Check whether the OTP is case-sensitive.
- Check whether the one-time password is numeric only or alphanumeric.
- Check whether there is any pause time before the OTP can be resent.
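Several of the checks above (single use, expiry, invalid-attempt limit, resend pause, multiple OTPs) can be exercised against a small server-side verifier like the one below. This is an added example, not code from the original post; the OtpService class, the three limit values and the rule that a newly issued code invalidates earlier ones are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL = 120          # seconds a code stays valid (assumed value)
MAX_ATTEMPTS = 3       # invalid tries before the code is locked (assumed value)
RESEND_COOLDOWN = 30   # pause between resend requests, in seconds (assumed value)


class OtpService:
    """Hypothetical in-memory OTP store, keyed by user id."""

    def __init__(self, clock=time.time):
        self._clock = clock   # injectable so a test can move time forward
        self._store = {}      # user -> {"digest", "issued", "attempts"}

    @staticmethod
    def _digest(code):
        # Keep only a hash, so the plaintext code is not stored server-side.
        return hashlib.sha256(code.encode()).digest()

    def issue(self, user):
        now = self._clock()
        prev = self._store.get(user)
        if prev and now - prev["issued"] < RESEND_COOLDOWN:
            raise RuntimeError("resend requested too soon")
        code = f"{secrets.randbelow(10**6):06d}"   # 6-digit numeric, from a CSPRNG
        # Overwriting the entry invalidates any earlier code for this user.
        self._store[user] = {"digest": self._digest(code), "issued": now, "attempts": 0}
        return code           # would be handed to the SMS or email gateway

    def verify(self, user, code):
        entry = self._store.get(user)
        if entry is None:
            return "no_otp"
        if self._clock() - entry["issued"] > OTP_TTL:
            del self._store[user]
            return "expired"
        if entry["attempts"] >= MAX_ATTEMPTS:
            return "locked"
        # Constant-time comparison avoids leaking how much of the code matched.
        if hmac.compare_digest(entry["digest"], self._digest(code)):
            del self._store[user]   # single use: a replay finds no entry
            return "ok"
        entry["attempts"] += 1
        return "locked" if entry["attempts"] >= MAX_ATTEMPTS else "invalid"
```

Expiry is decided by the server's clock only, so a test that changes the time on the client device should not change the result.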
Conclusion
These are some of the test scenarios and cases that you can try for the OTP system. Most OTP systems these days are used in e-commerce and banking applications. You may find that the cases differ based on the type of OTP module used.
If you think I have missed any test scenarios or test cases, then do let me know in the comments. I’d appreciate it if you share the post on social media.
Check whether the bypass notification does not work in the application.
On the server, the OTP expiry time should not match the client application time.
Check if we requested more than one OTP. If we entered the previous OTP, then it should work.
If two applications make a request at the same time, one OTP or none should come.
There should be one more test scenario in which I will first send the OTP and, without filling in the OTP, I will click on the back button and then the forward button.
Result: the phone number field should be empty, and after entering the field a new OTP should be generated.