password checking in login page.........

Replies to This Discussion

Permalink Reply by rishi adagale on July 24, 2010 at 12:03pm

HI,
valid case
enter 4 char password
enter 5 char password
enter 59 char password
enter 60 char password

invalid case
enter 3 char password
enter 61 char password
also enter special char


the most important thing in login passwor field is auto save option .......after re login password is not save in this field

Regards
rishi

• ▶ Reply

Permalink Reply by sbharath1012 on July 24, 2010 at 12:06pm

There are many cases to check a pwd field

1. do not type anything in pwd in click on submit
2. press only space bar in the pwd field in click on submit.
3. give various pwd's in the mentioned string length as 3,4,5 and 59,60,61 more than 100 (according to ur wish )
4. Check copy pasting the pwd from the pwd field to a normal text box does not reveal the pwd.
5. try giving pwd after a space , starting with spcl charc , starting with numbers,
6. Case sensitiveness of the pwd string
7. pwd having only numbers , only spcl charc, only space, only capital letters , only small letters , pwd = password
8. try entring a valid pwd in different cases (Upper case / Lower case) that is if the pwd is say password then try giving PASSWORD or pAssWord

• ▶ Reply

Permalink Reply by sbharath1012 on July 24, 2010 at 12:07pm

9 Most important the pwd shud be in encrypted form

• ▶ Reply

Permalink Reply by Dheeraj Khobragade on July 24, 2010 at 12:18pm

Hi,

U can use Boundary Value analysis or Equivalent Partitioning Method for check Valid or invalid Password data.
Boundary value analysis:
1. Valid data - Between Min 4 to Max 60
2. Invalid data- min-1
3. Invalid data- beyond max value Max+1
4. Valid data- Min +1
5. Valid data- Max-1
6. Test for Blank Password field also.

one most important thing, be sure password field there should appear data in encrypted form.
It is very easy to Write Minimum test case and valid test cases.

Use that.

Thanks
Dheeraj

• ▶ Reply

Permalink Reply by gouri sankar on July 24, 2010 at 12:57pm

hi , welcome to testing world,

Password : here we can go for 1) enter the password field without fail with the given condition using bva(Boumdary value analysys ) and ecp (equilence class partition ) using mathanatyical notations given below

min=pass (valid i/p) , max= pass (vallied i/p)
min+1= pass (valid i/p) max+1= fail (Invalied i/p)
min-1= fail (Invalied i/p) max-1= pass (valied i/p)

Enter valid user id & password ********** click ok/sign in -------- tabulate the o/p
Enter valid user id & no password given(enpty) ********* click ok/sign in ....... tabulate the o/p
Enter valid user id & invalied password ********** click ok/sign in -------- tabulate the o/p

apart from these , Testing conditions( like test data , spl char, space bar) shd b clear .

Regards,
Gouri Sankar

• ▶ Reply

Permalink Reply by Kunal Tambe on July 24, 2010 at 10:52pm

Saivarma,

>>>>i am new to the testing world.

First of all welcome to the Testing World.

>>>> i have one doubt in password field in login page.
>>>> Conditions are
>>>> 1. Mandatory
>>>> 2. Min.4 and Max.60

So, to check password field, apply the following steps and inputs.
1) Check the password field for "BLANK". (Invalid)
2) Check the password field for 3 characters (Min - 1). (Invalid)
3) Check the password field for 4 characters (Min). (Valid)
4) Check the password field for 5 characters (Min + 1). (Valid)
5) password field for 59 characters (Max - 1). (Valid)
6) password field for 60 characters (Max). (Valid)
7) password field for 61 characters (Max + 1). (Invalid)
8) Check the password field for special characters. (Valid)
9) Check the password field for digits. (Valid)
10) Check the password field for characters. (Valid)

Regards,
Kunal Tambe

• ▶ Reply

Permalink Reply by Amjad Khan on January 4, 2011 at 5:12pm

There are certain corporate policies (ex. CPI 810 etc) which governs the password policies. Apart from the discussion above

1. Three invalid attempts should lock the user.

2. Ideally passwords should not be stored in the log files or registry. Even if they are stored they should be encrypted.

3. Passwords should not contain users first name and last name.

• ▶ Reply

Permalink Reply by snehasish on January 4, 2011 at 5:58pm

Hey guyz you have missed something major i.e. SQL INJECTION............

 

Well Saivarma try this code in the login page like 1 OR 1=1, 1' OR '1'='1, 1'1, '; DESC users; ...... etc in the login and password field to check the security of your application.

 

Thanks,

Snehasish

• ▶ Reply

Permalink Reply by vishnu on January 10, 2011 at 10:04am

The madatory to check while testing password field is ,the password should not enabled to view by otheres it should be encrypted.(like showing pasword in  "********").

You have to use BVA Tecnique and ECP for testing such type 0f test cases.you have to choose like enter the characters to check the password are min as 3 and 4,59,60  characters are valid input data,invalid data are 2 and 61 characters.

• ▶ Reply

Permalink Reply by Gajapathi Raju on March 2, 2011 at 1:50am

Hi,

You are asking about boundary value analysis and ecp.

BVA:take the value range and check the edit box according to the customer requirement.

you are saying min value is 4 and max value is 60

always follow this procedure for BVA testing "min value, min value-1,min value+1, middle value,max value-1 max value+1,max value"  according to your que the BVA test should be like this

enter 4 char and test the application(here the test should pass)

enter 4-1 i.e 3 char and test the application(here the test should fail)

enter 4+1 i.e 5 char and test the application(here the test should pass)

enter 30 char and test the application(here the test should pass)

enter 60 char and test the application(here the test should pass)

enter 60-1 i.e 59 char and test the application(here the test should pass)

enter 60+1 i.e 61 char and test the application(here the test should fail)

 

checking the application with combinatio of valid and invalid data is known as ECP.

when testing starts in your project u will be getting some test data produced by  ur client or ur manager

in  ECP test for a login page you have to test different i/p

 

    user name                  password

 valid                             valid

invalid                           valid

invalid                           invalid

valid                               invalid

 

 

• ▶ Reply