Here are some of the sample test cases for Password control.
Check whether password field is accepting only characters as per requirement
Check for a password length
Check for password is displayed in encrypted format
Check for all possible combination of alphabets, numbers and special characters as per requirement
Check whether validation is placed if user fail to enter the correct password
People reset their password when they don’t remember it. That’s the most obvious scenario you can think of while writing the test cases. People also need to reset the password when the app has some security issues. In such case the type of test cases you write would be different. However, password reset scenario needs to be part of any app that has intention of collecting the user data.
Does the app offers guidelines to reset the password?
Does the app offers two step authentication while resetting the password?
Does the reset password link has expiration time period or session limit?
Does the reset password form has password strength checker?
Does the reset password form rejects insecure password?
Does the reset password form offers password generator option?
Does the reset password form has any guidelines for the pattern of the input?
Password Encryption Almost every secure web app needs to have encryption system. You should discuss the following scenarios while setting the requirement for the password field.
Does the system allow users to do md5 hashing?
Does the system does any form of encryption?
Does the system stores the password in plain text?
Does the system masks the password while typing?
Does the password storage in database is encrypted itself?
Does the encrypted easy to decrypt using known tools?
There are many other encryption features you can think of and the more complex field the harder encryption you need for the app. Password Guidelines Each web app should have some sort of guidelines on choice of password user should have for better security. So make sure you consider following test scenarios.
Does the app allow you to see the password length?
Does the app have some guidelines for password strength?
Does the app tells you which characters are allowed?
Does the app restricts you from checking the characters that are not allowed?
Does the app keeps the password field in asterisk?
Is there any form of guideline for forgot password link?