How to Write Test Cases for A Login Page with Examples

Test Cases for Login Page [featured image]

To Test a login page, focus on detailed negative testing that try to break the login page. Ensure positive test cases that check the UI elements. Don’t forget to test IT security policies such as for passwords as well as performance.

We use login pages all the time.

Whether it be your favourite social network, email or to buy groceries, we can’t get away from customised user accounts.

As part of your software testing project, you’ll find that the process for login pages is very similar for most applications.

In this article I will break down these test cases for you.

If you are looking for how to test a registration page, then there is an entire page dedicated to this.

If you want to learn how to write test cases then you should read the article first.

User Interface Tests

Test Case IDTest Case DescriptionPreconditionExpected ResultPost Condition
UI0001Verify the login screen has rendered correctly with all items appearing “as expected” on the User Interface (UI)The screen has rendered correctly.

[X] items as per the user spec have rendered are being displayed.
UI0002Verify logo is displayed as per the design specificationLogo is displayed.

Note:  Ensure the right colours, sizes, format etc are being used.
UI0003Verify username box is displayed with default text “”Your name””The default text is displayed ‘as expected’.
UI0004Verify password box is displayed with default text “”Your password””.The default text is displayed ‘as expected’.
UI0005Verify “Sign In” button is present.The button is displayed ‘as expected’.
UI0006Verify “Register” button is present.The button is displayed ‘as expected’.
UI0007Verify the “Forgot Password?” link is presentThe link is present in the expected location on the page as per the UI spec.

Notes:

Depending on the type of organisation, you may be asked to provide additional security credentials.

For example, in the banking industry, two factor authentication (2FA) is usually required.

In order to test 2FA you’ll need a soft or a hard token.

Don’t forget to add this in your test plan.

I remember working on a UK government project where I was actually testing the SAML tokens to ensure they were being authenticated properly. That was using a tool called SoapUI.

Anyway

Functional Testing

Consider both positive and negative testing in your scenarios.

Below are test case descriptions with expected results.  You may need to add individual test steps to ensure you have full visibility and coverage when testing.

Test Case IDTest Case DescriptionPre ConditionExpected ResultPost Condition
FT001Verify user is able to enter their valid username. Valid User ID is accepted by the system.
FT002Verify the user is able to enter their correct password: Valid password is accepted.
FT003Verify the “Submit” button can be selected.“Submit” button is clickable
FT004Verify the login page accepts the user’s credentials

Note: You might want to add the test cases above in a Test Scenario so you can cover all the tests in a logical order.
Login page accepts credentials.

User is directed to the post login page.
FT005Verify user can login successfully once valid credentials have been entered Successful login message should display with thank you text (i.e “You’ve successfully logged in” or take you to the relevant page after a successful login.)
FT006Verify registration section is not displayed when user enters valid credentials for existing account.User is directed to the post login page if the login is successful.

There is NO option to register a new user from this page.
FT007Verify incorrect username fails login. Login Error Message is displayed.

Note: The system should NOT display that the username was not found. 
This is a security risk and the system should not give any clues as to where the error is.  
FT008Verify invalid password is not accepted.Login is rejected.

Error message is displayed

User is NOT logged in.
FT009Verify invalid username and invalid password entered simultaneously fail. A meaningful error message such as “Invalid Login Error” should be displayed.
FT010Verify Login page does not accept user’s input/communication with the server has failed. User cannot continue testing unless resolved / tab refreshed / browser restarted etc.

Browser tab freezes or “white screen of death” appears.
FT011Verify User name field is too short to contain validated input data. User cannot continue testing unless resolved / tab refreshed / browser restarted etc.
FT013Verify Password field is too short to contain validated input data. 

Note: ensure you check your organisation’s password security policy before creating this test case.
Password has minimum length requirements of 5 characters with upper/lower case letters, numbers and symbols allowed – e.g “!123qwe” OR “A1b2C3d4e5”.
FT014Verify password meets the minimum pass phrase length criteria. 

Note: ensure you check your organisation’s password security policy before creating this test case.
Pass phrase minimum 6 words (no set words/patterns) – minimum 8 characters in length (must contain at least one of the following: upper case letter, case letter, number or symbol)
FT015Verify Password field is too long to contain validated input data. 

Note: ensure you check your organisation’s password security policy before creating this test case.
Password has maximum length requirements of 16 characters with upper/lower case letters, numbers and symbols allowed – e.g “!123qwe&@#ABCDEFG”.
FT016Verify Caps Lock key is enabled during password entry. Incorrect Password error should display.
Verify Num Lock key is enabled during password entry. Incorrect Password error should display.
Verify system does not accept passwords which are too similar. 

Note: ensure you check your organisation’s password security policy before creating this test case.

I have worked in organisations where the last 6 months worth of passwords were not accepted.
Invalid Credentials error should display. , e.g “password” & “Password”

Non Functional Testing

Performance Testing

Test Case IDTest Case DescriptionPre ConditionExpected ResultPost Condition
PERF0001Verify Service unavailableThe login page cannot communicate with a server / service which prevents correct validation of user credentials and subsequent successful login for this user. 

User cannot continue testing unless resolved / tab refreshed etc. 

Note: It might be difficult to replicate this.

Considerations

Device Type

Your test scenario should consider the device you are using.

This is because the way that the UI is rendered will be different. For example, desktop, mobile and tablet will all display the output differently.

As a result, you may need to also think about accessibility testing (out of scope for this article).

Biometric Login

This article only focusses on the traditional way of entering your username and password to log in.

However, biometrics is a much safer and secure way to login.

As a result, if your application uses fingerprint ID or Face ID, then you should also look to add these types of tests to your test plan.

Login ID

I’ve found that if I’m a customer for an eCommerce store, then a valid email address is also used as a username.

However, working for an organisation as an employee or as a banking customer, the username will be more customised.

Penetration Testing

Whether you do or don’t do the Pen testing, you’ll need to get it done anyway.

Your organisation will need to ensure that the login page is fully secure and not open to any kind of SQL injection attacks or any type of security holes.

Single Sign-On Testing

If your organisation uses a single sign-on then the above steps might not even be required.

Services such as OKTA allow organisations to connect their internal users with external systems using the same credentials.

This does depend on whether or not the external systems are compatible with OKTA.

With regards to verification of the service and its connectivity, this will form part of your functional and security testing activities.

You should work very closely with your IT Security teams when conducting single sign-on testing to ensure that any integration testing has been carried out correctly.

Add it to your Regression Testing Suite

Once, individual test cases have been approved, they can then form part of a future regression test suite.

It’s entirely up to you if you want to run them as manual or automated tests.

Summary

I hope this article really gives you an insight into how to write test cases for a login page.

With technology changing all the time, you’ll need to stay on top of your game and think about how to also test these new technologies as they integrate into your existing infrastructure.

The login page itself should be quite straightforward to test since there are very few elements on the page.

However, that does not mean that testing cannot be detailed.

Since this test relates to IT security, a LOT of time needs to be tested around the security elements.