Test Ideas for LOGIN

Tab Test

 Are the Tab and Shift+Tab options available, and do they function as indexed?

 After filling in the input fields, does the next Tab land on the LOGIN / Submit option?

Secure login page (HTTPS)

 Is the login page encrypted?

 Is the security certificate genuine, active, expired, as claimed?

 Learn about the security certificate provider

User - Browser Interaction

 Positioning of the Signin, Signup options

 Placement of the viable fields when clicked on Signin / Signup option

User Login, Client Login


Don the hat of a security tester and hacker

 Subject the login feature to Brute force attack

 Subject the login feature to dictionary attack

 Is the login page prone to Social engineering attacks

  Is the password masked, hashed?

Did you forget Password

 Forgot password link


  Is it required? Is it user friendly?

 Does the forgot password link expire after its first use?

 If more than one link is generated, is only the latest link active?

 Can the forgot password link be edited for re-use/misuse?

 Appropriate captchas for differently abled users

Availability and usage of the captchas
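
The forgot password link checks above (expiry after first use, only the latest link active, an edited link rejected), modelled as an added example that is not part of the original checklist. `ResetLinkStore`, `run_checks`, the user names and the 15-minute lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TTL_SECONDS = 15 * 60  # assumed lifetime; the page does not give one


class ResetLinkStore:
    """Hypothetical in-memory reset-link backend (constructed for this example)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # user -> (sha256 of token, expiry time)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user):
        # Random token, stored hashed; overwriting invalidates any earlier link.
        token = secrets.token_urlsafe(32)
        self._pending[user] = (self._digest(token), self._clock() + TTL_SECONDS)
        return token

    def redeem(self, user, token):
        stored, expires = self._pending.get(user, ("", 0.0))
        if not hmac.compare_digest(stored, self._digest(token)):
            return False  # unknown user, older link, or edited token
        del self._pending[user]  # single use; also drops an expired entry
        return self._clock() <= expires


def run_checks():
    now = [1000.0]  # controllable clock for the expiry case
    store = ResetLinkStore(clock=lambda: now[0])
    first, second = store.issue("alice"), store.issue("alice")
    edited = second[:-1] + ("A" if second[-1] != "A" else "B")
    results = {
        "older_link_rejected": not store.redeem("alice", first),
        "edited_link_rejected": not store.redeem("alice", edited),
        "other_user_rejected": not store.redeem("bob", second),
        "latest_link_accepted": store.redeem("alice", second),
        "reuse_rejected": not store.redeem("alice", second),
    }
    third = store.issue("alice")
    now[0] += TTL_SECONDS + 1
    results["expired_link_rejected"] = not store.redeem("alice", third)
    return results
```

Each key returned by `run_checks()` maps to one test idea; a real test would drive the application's own reset endpoint in the same order.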

Different Logins

 Test if they all mean and infer the same. If different, test different user logins and associated actions





Username, password vs. Login id

 Username, Password - less than 2 fields or more than 2 fields to facilitate login operation

What more?

 More than 1 id to login to the application

 More than 1 interface to help login

 Clear browser cache when logged into single / multiple accounts


User friendly interface

 Is the puzzle required to be solved prior to login, user friendly?

 Font used, color codes, plain text mode, W3 Consortium approved

 Test login page with user accessibility tools

  Does the login page comply with the W3 Consortium and Section 508 standards?

 Font, color, size, readability of the Login option / button

Error messages - Appropriate or a give away?

 Password entered is wrong

 Email id entered is wrong

 User id entered is wrong

 Mobile number entered is wrong or is in inappropriate format

 Sequence numbers/characters entered are incorrect - in a case where a sequence is required

 Biometric IDs - face recognition, fingerprints, retina recognition (inclusive of lenses, spectacles) - render user-friendly error messages in case of any of the aforementioned failures

Mobile app

 Test the mobile version of the app under test. Example: m.gmail.com

 Check for responsiveness and performance on mobile devices

Successful Login Page

 Is the message rendered post login appropriate

 User Interface is as defaulted to

Any updates are upgraded by the business.

User is prompted for upgrade.

 Synchronises all folders when accessed from different devices based on Sync settings

 Option to save browser and continue (when accessed by an unsaved browser)

 Option to not save browser and continue

  Notification of illegitimate access to the user on the device set as default

 Information about active and signed in locations and IP address

 Active and signed in browser information

 Sign out from all active sessions option

 Alert the defaulted devices about the login activity - If an alert is set

Sign up option on login page


  Are you subscribing by default to newsletter by signing up - default or by providing permission

 Different signup options and attributes for different users





Differently abled users with different login page

Network - Error messages

 Unplug LAN cable post signing in

 Disconnect the dongle

 Disable the wifi

 Power off

 Be logged in for several hours/days

Check for notification, updates with respect to the application obtained/retained.

 Record and note the error messages.



 Look out for Copyright information on the Login / Landing page

 Look for Contact, About us and report an issue section

View source code

 Check for gaps/leaks in functionality, usability, user experience, security, SEO

Suggestion for testing

 Extract the error messages from source code - Quick test

 Appropriate Alt text for images


 Language: Localized help for login

 Availability of Translate option

Login using existing account

 Login using an existing account

 Access the existing account without logging in to it. E.g., Google account

 Access to information of the logged in account - Check and provide permission where required via Allow access/Deny access

 Sign out from the existing account, refresh the logged in application.

 Perform consistency check using all the available options to login.


Access to newsletter

Subscription email when logged in from other accounts.

Welcome note

 Change password of one of the accounts and refresh the logged in page.

Username/Login ID

 Username/Login ID length

 Supported characters

digits/special characters (includes alphabets of all languages), spaces, characters from char map

 Email id, Username/mobile number, user id - formats


 Notification to the user if Caps lock is on

 Password format

Salted passwords - a prevention mechanism against dictionary and rainbow table attacks.

 Password length

 Password strength check

 Supported Characters

digits/special characters (includes alphabets of all languages), spaces, characters from char map

 Password guidelines wherever essential
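
What the salted passwords item above checks for, as an added example that is not part of the original checklist: the same weak password stored unsalted and salted, looked up in a small constructed table of precomputed hashes. The salt defeats the precomputed table and cross-user matching; the slow key-derivation function is what raises the cost of each dictionary guess. Function names, the sample passwords and the iteration count are assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample: a tiny stand-in for a precomputed (rainbow-style) table
# mapping unsalted SHA-256 digests back to common passwords.
COMMON = ["123456", "password", "letmein", "qwerty"]
PRECOMPUTED = {hashlib.sha256(p.encode()).hexdigest(): p for p in COMMON}
ITERATIONS = 600_000  # assumed work factor; tune to the server's hardware


def unsalted_hash(password):
    # The weak storage scheme a tester hopes not to find.
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password, salt=None):
    # Per-user random salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256).
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password, salt, digest):
    # Recompute with the stored salt and compare in constant time.
    return hmac.compare_digest(salted_hash(password, salt)[1], digest)


def table_lookup(stored_hex):
    return PRECOMPUTED.get(stored_hex)


def demo():
    # Two users pick the same weak password.
    alice_plain, bob_plain = unsalted_hash("letmein"), unsalted_hash("letmein")
    a_salt, a_digest = salted_hash("letmein")
    b_salt, b_digest = salted_hash("letmein")
    return {
        "unsalted_identical": alice_plain == bob_plain,
        "unsalted_found_in_table": table_lookup(alice_plain) == "letmein",
        "salted_differ": a_digest != b_digest,
        "salted_found_in_table": table_lookup(a_digest.hex()) is not None,
        "correct_password_verifies": verify("letmein", a_salt, a_digest),
        "wrong_password_rejected": not verify("letmein1", a_salt, a_digest),
    }
```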

Browser based Tests

 Get notifications via email and / or on mobile as an SMS when logged in from an unsaved browser

 Click on the back button post logging in and then click on forward button

 Test on: different devices, operating systems and different browser versions

 Install supported browser add-ons to perform specific tests related to: Login, Save browser, Save Password, Logout

Web Visibility

 Title of the login page

 Description of the page


 Check the Alexa ranking and performance parameters like: CSS, gzip compression, DOM objects, compressed images, page rendering