Different combinations of username and password
Valid Username Valid Password Valid Username Invalid Password Valid Username No Password Invalid Username Valid Password Invalid Username Invalid Password Invalid Username No Password No Username No Password Valid Username Valid Password and Incorrect Domain Valid Username Invalid Password Correct Domain Valid Username Valid Password and Correct Domain Valid Username Invalid Password Incorrect Domain Invalid Username Valid Password and Incorrect domain Invalid Username Invalid Password and Correct domain
Case Sensitive
Password is case-sensitive? Username is case-sensitive?
Maxlength
Username has maxlength? Password has maxlength?
Alignment
Username and Password text fields are in proper alignment? Username and Password labels are aligned properly? Login button is placed in alignment and is not far from the text fields?
Input Validation
Alphabets Alphabets + Numerical Alphabets + Special Characters Alphanumeric + Special Characters Quotes, Double Quotes, Tilde How does the login behave with the usage of different charset? Changing the order of these characters like; AB1, 1AB (Adding numeric to end and adding numeric to first)
Keyboard mapping
Enter username and password and then press "Enter" key. Does it invoke Submit button? Are there any keyboard shortcuts for Submit and Cancel?
Feel free to add more by commenting to this blog post.
Recommended: Darren McMillan created a mindmap of Login Test Ideas and you can view it at
http://www.bettertesting.co.uk/content/?p=1372
13 Comments
Santhosh,
Are You intending to test just the login actions (input-fields and action-buttons)? If so You can include
1) copy-paste techniques
2) same inputs for uname and passwd
3) inputs like product-name/ admin/ administrator/ guest/ user/ username/ uname etc
4) keys-input from view source
5) Login with valid-credentials, hit back and observe login-page behaviour
6) Login with same credentials from multiple browser windows/ tabs/ systems
7) Does the login-page or user-account get locked after certain attempts
8) Max-simultaneous-logins by a single user
9) copy-paste a successful login URL across different browsers and verify behaviour
and many more.
If You intend to test the Login page itself, the above inputs + yours maybe insufficient.
What matters always differ, but here are some additional test ideas to consider:
Valid and invalid for reasons like:
Password changed
User deleted/added
Password expired
The strangest characters users might have – o’Toole, Japanese, Årjäng, (leading/trailing) space…
Characters that mean other things: HTML, SQL, Alt+03…
Correct terminology in text
Username Edit box selected by default
Tab order
Password hidden on screen
Error messages are informative, but don’t reveal too much information
resonable speed (overall experience)
environment compatibility (mobile devices?)
Attractiveness?
Thanks Rikard and K. I do not wanted to add more test ideas to this blog post as I wanted to make this blog post interactive. So, I wrote few test ideas and published it. Your contribution to the login test ideas is appreciated. Let us wait for more test ideas from others if they are willing to or if they can :)
I just remembered how copy / paste of password varies based on different technologies. In Adobe Flex (Rich Internet Application) I typed the password which was masked and then copied it and pasted it into a text editor; Wow! I saw the plain text (Password) which was unmasked.
Excellent Santhosh, I started out replying to this as a comment, but quickly realised my list had become rather large, so I blogged about it :-)
http://www.bettertesting.co.uk/content/?p=1372
Thanks for the challenge ;-)
Darren, Fantastic work on login test ideas in xmind format. I have edited this blog post by adding “Recommended” section which has hyperlink to your blog post on login test ideas.
How about if User A and B exist..
attempting to log in with User A but with User B’s password and vice versa
and to add your list above
no username but password
Glory, That’s a good add which was not included in the various combinations. Even using A as username and B’s password is a good one. Thanks!
Santosh,
I love these brainstorming sessions. I miss the 20 minutes sessions we used to do.
More scenarios [It could be out of the context]
Environment:
- Local login (if the authentication is saved in the local DB)
—-Login when connectivity is down
—-Login when Remote Authentication is configured
—-Login when Remote Authentication is not configured
- Authenticating to an Active Directory on a Remote PC?
—-AD turned ON
—-AD turned OFF
—-Config file marked not to use AD
—-Lossy Connectivity
Sharath, Thanks for adding with respect to Remote Authentication, Connectivity and Active Directory.
It has been good response from testers and I see that the purpose being served for which I wrote this blog post.
Thanks to all of you.
Few more ideas, might be duplicate.
1. Try not to login for 30 (for example) consecutive days :). Verify whether it asks to change your password in next login.
2. Try to login disabling your browsers cookie.
3. Verify the form submission method. Is it GET or POST?
4. Try single SPACE in both fields.
5. Disable javascript from you browser and then hit login button.
6. View the source of the login page, specially the ‘action’ of the form. Where it redirects to authenticate. If it’s not the same page then try to access that page directly.
7. Try to login changing your PC time, making future date.
8. Keep open the login page for a long time (few hours) and then try to login with valid credentials.
9. See what cookies are set after login. Is there any sensitive information?
10. Try with &# in both fields if the application is built using asp.net. It causes problem even in this https://home.microsoftonline.com/login.aspx page.
Thanks Monirul for your participation and contribution.
Hi Santhosh,
See if this is a nice login scenario.
*Enter valid username
*Enter valid password
*Click login button
*Immediately stop with browser stop button
*Verify
*Refresh
*Enter valid username
*Enter valid password
*Click login button
*Verify
Nice post!
I have some suggestions from the experience, with bugs I have encountered in this area:
- correct password + SPACE
- Captcha or other blocking mechanisms
- I got once a bug where you could register more accounts on the same password so you could login with same account and different passwords for different accounts
2 Trackbacks/Pingbacks
[...] This originally started out as a comment on a post Santhosh Tuppad made around his ideas for testing a login process, but I quickly realised my list was becoming a little bit on the large side. Thanks for the [...]
[...] around test ideas for a login process. This originally started out as a comment on a post by Santhosh Tuppad, but I quickly realised it would become too large.Tales from the trenches: Lean Test Phase [...]
Post a Comment