
Login – Test Ideas

Different combinations of username and password

Valid Username Valid Password
Valid Username Invalid Password
Valid Username No Password
Invalid Username Valid Password
Invalid Username Invalid Password
Invalid Username No Password
No Username No Password
Valid Username Valid Password and Incorrect Domain
Valid Username Invalid Password Correct Domain
Valid Username Valid Password and Correct Domain
Valid Username Invalid Password Incorrect Domain
Invalid Username Valid Password and Incorrect Domain
Invalid Username Invalid Password and Correct Domain

Case Sensitive

Password is case-sensitive?
Username is case-sensitive?

Username has maxlength?
Password has maxlength?


Username and Password text fields are in proper alignment?
Username and Password labels are aligned properly?
Login button is placed in alignment and is not far from the text fields?

Input Validation

Alphabets + Numerical
Alphabets + Special Characters
Alphanumeric + Special Characters
Quotes, Double Quotes, Tilde
How does the login behave when different character sets are used?
Changing the order of these characters, e.g. AB1 and 1AB (adding the numeral at the end and adding the numeral at the start)
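
An added example, not part of the original post: the combination, case-sensitivity, max-length and special-character ideas above written as a data-driven matrix against a small in-memory login check. The accounts, the `CORP` domain, the 64-character limit and the choice that usernames fold case while passwords do not are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MAX_LEN = 64                          # assumed limit for both fields
DUMMY = (b"\x00" * 16, b"\x00" * 32)  # used when the account does not exist

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 10_000)

def make_store(accounts):
    """Build {(domain, username): (salt, hash)}; usernames and domains fold case."""
    store = {}
    for domain, user, password in accounts:
        salt = os.urandom(16)
        store[(domain.lower(), user.lower())] = (salt, _hash(password, salt))
    return store

def login(store, username, password, domain):
    """True only for an exact match; every failure returns the same False."""
    if not username or not password:
        return False
    if len(username) > MAX_LEN or len(password) > MAX_LEN:
        return False
    salt, expected = store.get((domain.lower(), username.lower()), DUMMY)
    # Hash even for unknown accounts so both failure paths do the same work.
    return hmac.compare_digest(_hash(password, salt), expected)

# Constructed accounts and cases, one row per idea from the lists above.
STORE = make_store([("CORP", "alice", "Tr0ub4dor&3"), ("CORP", "bob", "q'u\"o~te1")])
CASES = [
    ("valid user, valid password", "alice", "Tr0ub4dor&3", "CORP", True),
    ("valid user, invalid password", "alice", "wrong", "CORP", False),
    ("valid user, no password", "alice", "", "CORP", False),
    ("invalid user, valid password", "mallory", "Tr0ub4dor&3", "CORP", False),
    ("no username, no password", "", "", "CORP", False),
    ("valid credentials, incorrect domain", "alice", "Tr0ub4dor&3", "OTHER", False),
    ("password case changed", "alice", "tr0ub4dor&3", "CORP", False),
    ("username case changed", "ALICE", "Tr0ub4dor&3", "CORP", True),
    ("quotes and tilde in password", "bob", "q'u\"o~te1", "CORP", True),
    ("password over max length", "alice", "A" * (MAX_LEN + 1), "CORP", False),
]

def run_matrix(store=STORE, cases=CASES):
    """Return the labels of cases whose outcome differs from the expectation."""
    return [c[0] for c in cases if login(store, c[1], c[2], c[3]) is not c[4]]

if __name__ == "__main__":
    print(run_matrix() or "all cases behave as expected")
```

Pointing `login` at the real system under test and keeping `CASES` as the record of expected outcomes turns each new test idea into one more row.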

Keyboard mapping

Enter username and password and then press "Enter" key. Does it invoke Submit button?
Are there any keyboard shortcuts for Submit and Cancel?
Feel free to add more by commenting on this blog post.

Recommended: Darren McMillan created a mindmap of Login Test Ideas and you can view it at


I have been a software tester for over 5 years. I am a hands-on tester and I've been winning bug battles & testing competitions across the world. I am a testing enthusiast, who conducts free workshops on security testing across India (Covered locations: Bengaluru, Pune, Hyderabad & Chennai. Invite him to come to your location), and monthly meets for testers in Bengaluru. I am also an avid testing blogger.

My interests include traveling, driving my SUV, health & fitness and many others. I mentor budding entrepreneurs, testers, teams in any profession.




  1. K wrote:


    Are You intending to test just the login actions (input-fields and action-buttons)? If so You can include
    1) copy-paste techniques
    2) same inputs for uname and passwd
    3) inputs like product-name/ admin/ administrator/ guest/ user/ username/ uname etc
    4) keys-input from view source
    5) Login with valid-credentials, hit back and observe login-page behaviour
    6) Login with same credentials from multiple browser windows/ tabs/ systems
    7) Does the login-page or user-account get locked after certain attempts
    8) Max-simultaneous-logins by a single user
    9) copy-paste a successful login URL across different browsers and verify behaviour

    and many more.

    If You intend to test the Login page itself, the above inputs + yours maybe insufficient.

    Friday, September 2, 2011 at 6:00 am | Permalink
  2. What matters always differs, but here are some additional test ideas to consider:

    Valid and invalid for reasons like:
    Password changed
    User deleted/added
    Password expired

    The strangest characters users might have – o’Toole, Japanese, Årjäng, (leading/trailing) space…
    Characters that mean other things: HTML, SQL, Alt+03…

    Correct terminology in text
    Username Edit box selected by default
    Tab order
    Password hidden on screen
    Error messages are informative, but don’t reveal too much information

    reasonable speed (overall experience)
    environment compatibility (mobile devices?)

    Friday, September 2, 2011 at 11:18 pm | Permalink
  3. Thanks Rikard and K. I did not want to add more test ideas to this blog post as I wanted to make this blog post interactive. So, I wrote a few test ideas and published it. Your contribution to the login test ideas is appreciated. Let us wait for more test ideas from others if they are willing to or if they can :)

    I just remembered how copy / paste of password varies based on different technologies. In Adobe Flex (Rich Internet Application) I typed the password which was masked and then copied it and pasted it into a text editor; Wow! I saw the plain text (Password) which was unmasked.

    Saturday, September 3, 2011 at 2:30 am | Permalink
  4. Excellent Santhosh, I started out replying to this as a comment, but quickly realised my list had become rather large, so I blogged about it :-)

    Thanks for the challenge ;-)

    Saturday, September 3, 2011 at 2:20 pm | Permalink
  5. Darren, Fantastic work on login test ideas in xmind format. I have edited this blog post by adding “Recommended” section which has hyperlink to your blog post on login test ideas.

    Sunday, September 4, 2011 at 10:07 am | Permalink
  6. Glory wrote:

    How about if User A and B exist..

    attempting to log in with User A but with User B’s password and vice versa

    and to add your list above

    no username but password

    Sunday, September 4, 2011 at 11:58 am | Permalink
  7. Glory, That’s a good add which was not included in the various combinations. Even using A as username and B’s password is a good one. Thanks!

    Monday, September 5, 2011 at 12:07 am | Permalink
  8. Santosh,

    I love these brainstorming sessions. I miss the 20 minutes sessions we used to do.

    More scenarios [It could be out of the context]

    – Local login (if the authentication is saved in the local DB)
    —-Login when connectivity is down
    —-Login when Remote Authentication is configured
    —-Login when Remote Authentication is not configured
    – Authenticating to an Active Directory on a Remote PC?
    —-AD turned ON
    —-AD turned OFF
    —-Config file marked not to use AD
    —-Lossy Connectivity

    Tuesday, September 6, 2011 at 3:25 am | Permalink
  9. Sharath, Thanks for adding with respect to Remote Authentication, Connectivity and Active Directory.

    There has been a good response from testers, and I see that the purpose for which I wrote this blog post is being served.

    Thanks to all of you.

    Tuesday, September 6, 2011 at 4:26 am | Permalink
  10. Few more ideas, might be duplicate.

    1. Try not to login for 30 (for example) consecutive days :). Verify whether it asks to change your password in next login.

    2. Try to login disabling your browser's cookies.

    3. Verify the form submission method. Is it GET or POST?

    4. Try single SPACE in both fields.

    5. Disable JavaScript in your browser and then hit the login button.

    6. View the source of the login page, especially the ‘action’ of the form. Where it redirects to authenticate. If it’s not the same page then try to access that page directly.

    7. Try to login changing your PC time, making future date.

    8. Keep open the login page for a long time (few hours) and then try to login with valid credentials.

    9. See what cookies are set after login. Is there any sensitive information?

    10. Try with &# in both fields if the application is built using It causes problem even in this page.

    Tuesday, September 6, 2011 at 4:41 am | Permalink
  11. Thanks Monirul for your participation and contribution.

    Tuesday, September 6, 2011 at 4:50 am | Permalink
  12. Hi Santhosh,

    See if this is a nice login scenario.
    *Enter valid username
    *Enter valid password
    *Click login button
    *Immediately stop with browser stop button
    *Enter valid username
    *Enter valid password
    *Click login button

    Tuesday, December 27, 2011 at 6:30 am | Permalink
  13. Eusebiu Blindu wrote:

    Nice post!

    I have some suggestions from the experience, with bugs I have encountered in this area:

    – correct password + SPACE
    – Captcha or other blocking mechanisms
    – I got once a bug where you could register more accounts on the same password so you could login with same account and different passwords for different accounts

    Friday, September 7, 2012 at 1:17 am | Permalink

2 Trackbacks/Pingbacks

  1. Test ideas for a login process on Monday, November 7, 2011 at 4:28 pm

    […]  This originally started out as a comment on a post Santhosh Tuppad made around his ideas for testing a login process, but I quickly realised my list was becoming a little bit on the large side.  Thanks for the […]

  2. 2011 a year gone — 2012 a year of great promise. on Friday, December 30, 2011 at 4:18 pm

    […] around test ideas for a login process.  This originally started out as a comment on a post by Santhosh Tuppad, but I quickly realised it would become too large.Tales from the trenches: Lean Test Phase […]
