As per my point of view, password should be in entrypted mode. If i am wrong, plz correct me.
Prasad Kumar
Mar 6th, 2007
Hi,
This is prasad
In Security point of view we can test only the password field (textbox). The following cases can be tested.
1. Whether the field is encrypted. 2. Whether we can able to copy the password from the field (It should not allow). 3. The Boundary condition (depends) 4. Data validation (depends - only character, only numbers, alphanumeric, etc.....)
muthukumar
Oct 21st, 2007
TC1 : Typing of password should be displayed as "*" . no characters should be
displayed
TC2 : Inserting of password [ by copy paste] may be allowed on front end , but
should not be allowed on application scripting
TC3 : Attempt to copy paste of typed password in the text field should be failed
TC4 : The entered data should not be displayed in the URL
TC5 : Login successfully and make logout, Click the back button on browser page,
the page should not be displayed. [should ask for the user to redo login
process] it will go on . ....[but becomes too exhaustive]
paramjeet singh
Jul 29th, 2011
If we put invalid password pop up massage box should open saying that user name and password is incorrect
I can write an sql query and add it to the site URL and hit enter. It if spits you the password there you go, the website is useless as security is compromised!
Please add this to all other answers.
Nitin Sharma
Nov 4th, 2011
TC1>Try to copy pw by mouse and short key.
TC2>Give Invalid Input
TC3>Give Valid Inputs
TC4>Check for maximum and minimum length of pw
TC5>Check for only Characters,Numeric,AlphaNumeric.
TC6>Check for Blank Field box
TC7>It will not display in scripting
How to test the password field in security point of view
Related Answered Questions
Related Open Questions