Test Case For One-Time Password (OTP): Test Cases Template
In this post, we discuss test cases for OTP (one-time password). To write test cases for OTP, we first need to understand how the system works.
An OTP can be delivered by email or by SMS to a mobile device. The test cases differ depending on which channel you are testing. Let’s first discuss how OTP works in general.
|Test Scenario Overview|
|Post On:|Test Case For One-time Password (OTP)|
|Post Type:|Test Case Template|
|Applicable For:|Freshers & Experienced|
How OTP works for Authentication
Let’s assume the OTP system is implemented on an online handicraft store. A user purchases a product and proceeds to pay for it. When the user reaches the payment section, the system asks for debit card or net banking details. Once the user enters them, the OTP is triggered.
The SMS message is sent from the server to the user’s mobile phone. When the user enters the code into the system, it is sent to the server. Once it reaches the server, the code is matched against the system entry. If it matches, the system allows the user to mark the transaction as successful. If the code doesn’t match, the transaction is denied.
You can check out the image below to see how a normal SMS-based OTP system works. If you replace SMS with email, the system should still work in the flow displayed in the image.
Here are some of the OTP test cases
- What are the limitations of the OTP generation?
- How long should the user wait for the OTP message to arrive before requesting a new OTP?
- How much network delay should be considered for OTP expiry?
- How long does the OTP stay valid once network delay is added?
- Which session requires OTP authentication?
- Does the application require OTP to login?
- Does the application require OTP for the transaction?
- Is the OTP code case sensitive?
- Is the content of the OTP numeric only?
- Is the OTP alphabetic characters only?
- Is the OTP alphanumeric?
- Does the OTP accept any other characters?
- Does the OTP expiry time match the timer on the website?
- Does the OTP released on the server match the OTP received?
- Does an OTP with character content have all capital letters?
- Does the OTP have mixed characters in the SMS?
- Does the OTP have all lowercase letters?
- Is the OTP SMS content case sensitive?
- Does the case of the OTP SMS content matter when typing it in the text field?
- Is there any documentation for the OTP SMS or message?
- Is the OTP SMS or message usable only for a single session?
- Does the OTP system withstand replay attacks?
- Does the OTP system require a static password system or module?
- Is the OTP system based on random number generation?
- Are the numbers in OTP predictable?
- Are the numbers in OTP pseudo-random?
Scenarios to Test OTP (One-Time Password)
- OTP should be generated within the time period.
- Limitations of the number of OTP generation for single authentication.
- The OTP is received only on the registered mobile number / e-mail address.
- Network delay for expiry of One-Time Password.
- Verify that once expired, it should not be used for any authentication.
- Verify that once used, it should not be allowed to use again.
- Verify that resend OTP functionality is working correctly.
- Verify that once the user has requested a resend of the OTP, the old one can no longer be used.
- Availability of Help and Documentation Link for OTP usage.
- Verify for Case Sensitiveness.
- Check for types of characters OTP supports: Only Digits, Only Alphabets, Alphanumeric.
- How many times can a user provide invalid OTP?
- After multiple invalid tries, verify that the system temporarily blocks the account.
- Verify that after the temporary blocking of account, the system does not send the one-time password.
- Provide an invalid Phone Number or E-Mail address and submit the OTP. Check the validation.
- Are the one-time password patterns predictable?
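Several of the scenarios above (expiry, single use, resend invalidating the old code, temporary block after repeated invalid tries, no OTP sent while blocked) can be checked against a small reference model. The following is an added example, not code from the original post; the class `OtpService`, its method names, and the policy values `OTP_TTL`, `MAX_ATTEMPTS` and `BLOCK_SECONDS` are assumptions chosen for illustration.

```python
import hmac
import secrets

# Assumed policy values (not from the original post); set them from your requirements.
OTP_TTL = 120        # seconds an OTP stays valid
MAX_ATTEMPTS = 3     # invalid tries before a temporary block
BLOCK_SECONDS = 300  # length of the temporary block

class OtpService:
    """Hypothetical in-memory OTP issuer/verifier used as a reference model for tests."""

    def __init__(self, clock):
        self.clock = clock       # injectable time source, so expiry is testable
        self.active = {}         # user -> (code, issued_at)
        self.failures = {}       # user -> consecutive invalid attempts
        self.blocked_until = {}  # user -> time at which the block ends

    def is_blocked(self, user):
        return self.clock() < self.blocked_until.get(user, 0)

    def issue(self, user):
        """Issue (or resend) an OTP; returns None while the account is blocked."""
        if self.is_blocked(user):
            return None
        code = f"{secrets.randbelow(10**6):06d}"  # 6 digits from a CSPRNG
        self.active[user] = (code, self.clock())  # overwrite: a resend voids the old code
        return code

    def verify(self, user, submitted):
        if self.is_blocked(user):
            return "blocked"
        code, issued_at = self.active.get(user, (None, 0))
        if code is None:
            return "invalid"
        if self.clock() - issued_at > OTP_TTL:
            del self.active[user]
            return "expired"
        if hmac.compare_digest(code.encode(), submitted.encode()):  # constant-time compare
            del self.active[user]  # single use: a replayed code no longer matches
            self.failures[user] = 0
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] < MAX_ATTEMPTS:
            return "invalid"
        self.blocked_until[user] = self.clock() + BLOCK_SECONDS
        self.failures[user] = 0
        del self.active[user]  # the outstanding code dies with the block
        return "blocked"
```

Passing a fake clock (for example `lambda: now[0]`) lets a test advance time past `OTP_TTL` or `BLOCK_SECONDS` without sleeping.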
|Tasks To Improve Your Knowledge|
To improve your knowledge, you can take the items above as tasks and work on them. We have already completed some of the tasks from the list above, and you can find those on our blog. After completing a task, if you want to share it with us, you can write to us at firstname.lastname@example.org.
In return, we may plan something more surprising for your career.
These are some of the test scenarios and cases that you can try for an OTP system. Most OTP systems these days are used in e-commerce and banking applications. You may find that the cases differ based on the type of OTP module used.
If you think I have missed any test scenarios or test cases, then do let me know in the comments. I’d appreciate it if you share the post on social media.