Password Test Case Template: In this article, we discuss test cases for passwords. There are many ways to test the passwords for an application. Depending on the type of application you have and the amount of security you wish to add, the test cases will be different. So instead of writing the test cases just by assuming a password field on a form, let’s try and think of different scenarios under which passwords can be tested.
People reset their password when they don’t remember it. That’s the most obvious scenario you can think of while writing the test cases. People also need to reset the password when the app has some security issues. In such a case, the type of test cases you write would be different. However, a password reset scenario needs to be part of any app that intends to collect user data.
- Does the app offer guidelines to reset the password?
- Does the app offer two-step authentication while resetting the password?
- Does the reset password link have an expiration time period or session limit?
- Does the reset password form have a password strength checker?
- Does the reset password form reject insecure passwords?
- Does the reset password form offer a password generator option?
- Does the reset password form have any guidelines for the pattern of the input?
Password Test Case Encryption
Almost every secure web app needs to have an encryption system. You should discuss the following scenarios while setting the requirement for the password field.
- Does the system allow MD5 hashing of passwords?
- Does the system do any form of encryption?
- Does the system store the password in plain text?
- Does the system mask the password while typing?
- Is the password stored in the database itself encrypted?
- Is the encrypted password easy to decrypt using known tools?
There are many other encryption features you can think of, and the more complex the field, the stronger the encryption the app needs.
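The storage questions in the list above (plain text, MD5, easy to reverse) can be checked automatically for test accounts. The following is an added example, not code from the original article: it assumes the tester has registered QA accounts with a known password and can read the stored values from the database, and the function names, account names and sample rows are constructed for illustration.

```python
import hashlib
import re

# Encoding prefixes written by salted, deliberately slow password hashes.
SLOW_HASH_PATTERNS = {
    "bcrypt": re.compile(r"^\$2[aby]\$\d{2}\$"),
    "argon2": re.compile(r"^\$argon2(id|i|d)\$"),
    "scrypt": re.compile(r"^\$scrypt\$"),
    "pbkdf2": re.compile(r"^\$?pbkdf2[-_:$]"),
}
FAST_DIGESTS = ("md5", "sha1", "sha256", "sha512")


def classify_stored_password(stored, known_password):
    """Classify the value stored for a test account whose password we chose."""
    if stored == known_password:
        return "plaintext"
    for name in FAST_DIGESTS:
        digest = hashlib.new(name, known_password.encode()).hexdigest()
        if stored.lower() == digest:
            return "unsalted-" + name
    for name, pattern in SLOW_HASH_PATTERNS.items():
        if pattern.match(stored):
            return "salted-" + name  # judged from the encoding prefix only
    return "unknown"


def audit_rows(rows, known_password):
    """rows: (username, stored_value) pairs for accounts sharing one password."""
    findings = {user: classify_stored_password(value, known_password)
                for user, value in rows}
    values = [value for _, value in rows]
    # Identical stored values for the same password mean no per-user salt.
    return findings, len(set(values)) == len(values)


# Constructed sample rows, not real data: what three storage schemes would
# hold for two QA accounts registered with the same password.
TEST_PASSWORD = "Tr0ub4dor&3-test"
MD5_VALUE = hashlib.md5(TEST_PASSWORD.encode()).hexdigest()
WEAK_ROWS = [("qa_user1", MD5_VALUE), ("qa_user2", MD5_VALUE)]
PLAIN_ROWS = [("qa_user1", TEST_PASSWORD), ("qa_user2", TEST_PASSWORD)]
GOOD_ROWS = [("qa_user1", "$2b$12$" + "A" * 53), ("qa_user2", "$2b$12$" + "B" * 53)]

if __name__ == "__main__":
    for label, rows in (("md5", WEAK_ROWS), ("plain", PLAIN_ROWS), ("bcrypt", GOOD_ROWS)):
        print(label, audit_rows(rows, TEST_PASSWORD))
```

A test case passes only when every account classifies as a salted slow hash and the second return value is True; an "unknown" result needs manual review rather than an automatic pass.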
Password Test Case Management
There are tools like KeePass and LastPass that offer to save passwords on a desktop or in a browser, and such tools can then be used to automate browser login. Tools like these require a single master password, and using that single password you can automate the login across multiple websites. So testing such password fields using automation tools is going to be different.
- Does the app allow usage of a password management tool?
- Does the password management work properly with the app?
- Is the password manager secure enough to store the password?
Password Test Case Guidelines
Each web app should have some guidelines on the choice of password a user should make for better security. So make sure you consider the following test scenarios.
- Does the app allow you to see the password length?
- Does the app have some guidelines for password strength?
- Does the app tell you which characters are allowed?
- Does the app restrict you from checking the characters that are not allowed?
- Does the app keep the password field masked with asterisks?
- Is there any form of guideline for the forgot password link?
Also, the app should show some form of strength indication and notify you if Caps Lock is on, where that feature exists. This makes testing the password field a lot better. You can also check some of the other secure password fields of popular cloud apps. This gives you an idea of how to test the password field better for your use.
The above-explained test scenarios and test cases should be more than enough to start your test document. You can even add more test content, test data, and scenarios in the document. Feel free to let me know if you have any other suggestions for the discussion. I’d appreciate your comments, and please feel free to share this with your friends.