In this article we discuss negative and positive scenarios for testing a Login page. Testing the Login page is essential from both a security and a functional standpoint. Although we try to cover most scenarios, some basic ones are often missed, which can lead to a bad user experience.
So, we came up with this list of scenarios for testing a Login page, and we will gradually add more checks to it.
Note : Some conditions, validations and naming conventions may differ as each application has its own set of requirements.
Features of Login Page :
1) Login screen has fields to enter Username / Email Address and Password, with a Submit and/or Reset button.
2) “Remember Me” check-box is available on Login Screen.
3) Forgot Password link is properly displayed.
4) There should be a link to Register for New Users.
Functional Verification :
1) User should be able to Login with valid credentials.
2) User should be redirected to appropriate page when clicking on Forgot Password link.
3) User should be redirected to appropriate page when clicking on Sign Up link.
4) User should not be allowed to Login with Valid Username and Invalid Password.
5) User should not be allowed to Login with Invalid Username and Valid Password.
6) User should not be allowed to Login with blank Username field.
7) User should not be allowed to Login with blank Password field.
8) System should take appropriate action (e.g. block the Username) after a defined number of invalid login attempts.
9) Reset button should clear data from all text boxes in the login page.
Basic Field Validations :
1) Username field should be alphanumeric.
2) Length validation for Username and Password. For example, length should be 6-12 characters.
3) Login credentials should be case sensitive.
4) Password should be displayed as asterisks or bullets.
5) Appropriate validation message should be displayed at correct place when providing invalid Username / Password.
6) Special validation message should be displayed when providing special characters.
7) Username field should not contain any symbol or special character.
Security Checks :
1) XSS scripts entered in the login fields should not affect the system, and the User should not be allowed to log in. A proper validation message should be displayed.
2) Password should not be deciphered when copied.
3) Login form should not reveal any security information in View Page source mode.
4) There must be minimum password length.
5) Login form should not be vulnerable to SQL injection.
6) After successful Logout, clicking on browser back button should not take User to logged in mode.
7) Some websites have CAPTCHA enabled on the Login page for better security. To test a Login page with this feature, below are some ideas for testing the CAPTCHA functionality.
   1) When the user does not enter the CAPTCHA, there should be a client-side validation and the user should not be allowed to log in.
   2) There should be a link (AJAX) to refresh the CAPTCHA image.
   3) CAPTCHA should be case sensitive.
   4) There should be an option for audio support to listen to and enter the CAPTCHA.
   5) CAPTCHA image should not contain absolute path names.
   6) CAPTCHA text should have different background textures and different display angles. The idea is to make it difficult for CAPTCHA cracking programs.
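The Functional Verification items (valid login, wrong password, unknown user, blank fields, lockout), the case-sensitivity check and the SQL injection check can be automated. The script below is an added example, not part of the original article: the `login` function is a small stand-in for the application under test, and the account `alice01`, its password and the lockout threshold of 3 are assumptions made for illustration.

```python
import hashlib, hmac, os, sqlite3

MAX_ATTEMPTS = 3  # assumed lockout threshold; the article only says "defined"

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw BLOB, fails INTEGER)")
    salt = os.urandom(16)  # constructed test account: alice01 / S3cretPw!
    db.execute("INSERT INTO users VALUES (?, ?, ?, 0)", ("alice01", salt, _hash("S3cretPw!", salt)))
    return db

def login(db, username, password):
    """Return 'ok', 'invalid' or 'locked'. Every bad input gets the same 'invalid'."""
    if not username or not password:
        return "invalid"
    # Bound parameter: the username is data, never part of the SQL text.
    row = db.execute("SELECT salt, pw, fails FROM users WHERE name = ?", (username,)).fetchone()
    if row is None:
        return "invalid"
    salt, stored, fails = row
    if fails >= MAX_ATTEMPTS:
        return "locked"
    if hmac.compare_digest(_hash(password, salt), stored):
        db.execute("UPDATE users SET fails = 0 WHERE name = ?", (username,))
        return "ok"
    db.execute("UPDATE users SET fails = fails + 1 WHERE name = ?", (username,))
    return "invalid"

def run_checklist():
    """Run the article's positive and negative scenarios; return {scenario: result}."""
    db = make_db()
    results = {
        "valid credentials": login(db, "alice01", "S3cretPw!"),
        "blank username": login(db, "", "S3cretPw!"),
        "blank password": login(db, "alice01", ""),
        "invalid username, valid password": login(db, "bob", "S3cretPw!"),
        "SQL metacharacters in username": login(db, "alice01' OR '1'='1", "x"),
        "password differs only in case": login(db, "alice01", "s3cretpw!"),  # failure 1
    }
    for bad in ("wrong-1", "wrong-2"):  # failures 2 and 3 reach the threshold
        login(db, "alice01", bad)
    results["valid password after lockout"] = login(db, "alice01", "S3cretPw!")
    return results

if __name__ == "__main__":
    for scenario, outcome in run_checklist().items():
        print(f"{scenario:35} -> {outcome}")
```

Against a real application the same scenario table would drive HTTP requests or a browser session instead of calling `login` directly.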
Have we covered everything? Nah, it’s never enough. Well, I will be adding more scenarios to the list. Let me know if any scenario is missed. Please share your feedback.