OTP Test Cases: This post discusses test cases for OTP (one-time password). To write the test cases for the OTP, we need to understand how the system works.
The OTP system works over both email and SMS on a mobile device. The test cases will differ depending on which channel you wish to test. In an interview, you may face the same question phrased in different ways, such as OTP test cases, test cases for OTP, OTP verification test cases, test cases for OTP verification, OTP testing, OTP test scenarios, and many more. Let's first discuss how OTP works in general.
| Post On: | OTP Test Cases |
| Post Type: | Test Case Template |
| Applicable For: | Freshers & Experienced |
What is OTP?
OTP is an abbreviation of one-time password. OTP is used to verify mobile numbers or email addresses. It is widely used worldwide for registration and the transfer of payments.
How does it Work?
A one-time password (OTP) is generated and sent to the user via a mobile number or email. The user enters the OTP code and verifies it.
Why use OTP?
- OTP is used to verify the user.
- OTP reduces the chances of fraud by sending the OTP to the user's mobile number on a physical device.
- Easy and instant user registration and login.
- Secure payments.
How To Test OTP Verification?
Let's assume the OTP system is implemented on an online handicraft store. A user purchases a product and proceeds to pay for it. When the user reaches the payment section, the system asks for debit card or net banking details. Once the user enters them into the system, the OTP is triggered.
The server sends the SMS message to the user's mobile phone. When the user enters the code into the system, it is sent to the server. Once it reaches the server, the code is matched against the system entry. If it matches, the system allows the user to mark the transaction as successful. If the code doesn't match, the transaction is denied.
You can check the image below to see how a normal SMS-based OTP system works. If you replace SMS with email, the system should still work as in the image's flow.
Test Cases For OTP
- Check whether the generated OTP is valid for one-time use only.
- Check for any limit on generating the one-time password for a single authentication.
- Check whether the one-time password is generated within the specified period.
- Check that the number of one-time password codes generated is not more than the requirement document allows.
- Check whether the OTP is delivered to the requesting user in time.
- Check that the one-time password (OTP) is delivered to the registered email ID or contact number.
- Check how long it takes the user to receive the OTP code sent by email.
- Check how long it takes the user to receive the OTP code sent to the mobile.
- Check that, when the OTP is provided, the application accepts the code successfully.
- Check the number of times a user can enter an invalid OTP.
- Check that the OTP code expires after the time the application or software allows.
- Check if the user can log in with the expired OTP.
- After multiple invalid tries, verify that the system temporarily blocks the account.
- Check by entering an invalid phone number or email address and submitting the OTP. Check the validation.
- Check when the user receives multiple OTPs. With the last received OTP, the user should be able to log in to the application.
- Check whether the correct info message is displayed on entering a valid OTP.
- Check whether the error info message is displayed on entering an invalid OTP.
- Check if the user can request a new OTP code by clicking the link or button to resend the code.
- Check whether the user is temporarily blocked if they request a new OTP code again and again.
- Check whether the OTP is case-sensitive or not.
- Check whether the one-time password is numeric only or alphanumeric.
- Check if there is any pause time before the OTP can be resent.
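Several of the checks above (single use, expiry, invalid-try limit, resend pause, latest OTP wins) can be expressed as executable checks. The Python sketch below is an added example, not code from the original post: `OtpService`, `run_checks`, and the limit values are hypothetical, and it assumes a newer OTP replaces any earlier one.

```python
import hmac
import secrets
class OtpService:
    """Hypothetical in-memory OTP backend standing in for the system under test."""
    TTL, RESEND_WAIT, LOCK_TIME, MAX_ATTEMPTS = 120, 30, 300, 3   # assumed limits (s, s, s, tries)

    def __init__(self, clock, gen=lambda: f"{secrets.randbelow(10**6):06d}"):
        # Clock and code generator are injectable so time-based checks are deterministic.
        self.clock, self.gen, self.state = clock, gen, {}

    def request(self, user):
        now, rec = self.clock(), self.state.get(user)
        if rec and (now < rec["locked_until"] or now - rec["issued"] < self.RESEND_WAIT):
            return None                          # blocked, or resend asked for too soon
        self.state[user] = {"code": self.gen(), "issued": now, "fails": 0, "locked_until": 0}
        return self.state[user]["code"]          # newest OTP replaces any earlier one

    def verify(self, user, code):
        now, rec = self.clock(), self.state.get(user)
        if rec and now < rec["locked_until"]:
            return "locked"
        if rec is None or rec["code"] is None:
            return "rejected"                    # nothing outstanding, or already used
        if now - rec["issued"] > self.TTL:
            return "expired"
        if not hmac.compare_digest(rec["code"].encode(), str(code).encode()):
            rec["fails"] += 1
            if rec["fails"] >= self.MAX_ATTEMPTS:
                rec["locked_until"] = now + self.LOCK_TIME   # temporary block
            return "invalid"
        rec["code"] = None                       # single use: burn the code on success
        return "ok"

def run_checks():
    """Walk the service through checklist items; codes and times are constructed."""
    t, codes = [0], iter(["111111", "222222", "333333", "444444"])
    svc, out = OtpService(lambda: t[0], lambda: next(codes)), {}
    first = svc.request("alice")
    out["resend_too_soon"] = svc.request("alice")
    t[0] += 31; second = svc.request("alice")
    out["older_otp"] = svc.verify("alice", first)
    out["latest_otp"] = svc.verify("alice", second)
    out["reused_otp"] = svc.verify("alice", second)
    t[0] += 31; third = svc.request("alice"); t[0] += 121
    out["expired_otp"] = svc.verify("alice", third)
    fourth = svc.request("alice")
    out["wrong_tries"] = [svc.verify("alice", "000000") for _ in range(3)]
    out["after_block"] = svc.verify("alice", fourth)
    out["resend_while_blocked"] = svc.request("alice")
    return out
```

Against a real application, the same scenarios would drive the application's own request and verify endpoints, with the limits taken from the requirement document.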
You can try these test scenarios and cases for the OTP system. These days, most OTP systems are used in e-commerce and banking applications. You may find that the cases differ based on the type of OTP module used.
If you think I have missed any test scenarios or cases, please let me know in the comments. I’d appreciate it if you shared the post on social media.
Abul Hasan Shadhuli says
Check whether the bypass notification does not work in the application.
On the server, the OTP expiry time should not match the client application time.
Check if we requested more than one OTP. If we entered the previous OTP, then it should work.
If two applications make a request at the same time, 1 OTP or none should come.
There should be one more test scenario in which I will first send the OTP and, without filling in the OTP, I will click on the back button and then the forward button.
Result: the phone number field should be empty, and after entering the field a new OTP should be generated.