What are good ways to test a login page?

Question

I get asked this question very frequently in my interviews. They draw username and password text fields and ask me what test cases I can come up with to ensure that this page works fine. My answers on this for some reason never seem to satisfy them. So what tests can we have to ensure that this page is working fine besides the ones mentioned below?

My answers normally include:

• check whether the login works with correct credentials
• check that it doesn't work with wrong credentials
• check text field limits - whether the browser accepts more than the allowed database limits
• check whether password text is hidden

Answer 1

I'm not going to give you specific suggestions here: you've already had a few. Instead I'm going to suggest a general strategy you can use for this type of question. (Next interview might not be a login dialog. It might be a registration form.)

I don't use that particular question in interviews, but what I'm generally looking for when I ask this type of question is that people will be able to come up with a variety of test ideas, and that they don't fixate on a particular type of test too much. Getting onto a bit of a roll and throwing out a lot of variations upon a theme is fine, if you later then switch to another theme and do the same - but if you only seem to be able to come up with test ideas for one sort of test, and you run out pretty fast, I may worry that you're a bit narrowly focused for a tester.

Being able to generate a lot of test ideas and range over a wide area when you're doing that is a key indicator of a good tester for me: I want to work with people who are both creative and analytical - i.e. you can both come up with a lot of ideas, and also explain to me the underlying model for them: security, usability, and so on.

Step back and take a breath when you run out of ideas, and ask them a couple more questions about the context - what kind of system is the login dialog for? What platform is it run on? Is it for a publically available web app, or is this page only reachable within a company? This may trigger more test ideas for you - for instance, you might start thinking about how many times you can retry a login - should user accounts be locked out if they retry too many times? If they are, should the error message give them directions on how to reset their password?

I'd suggest that you try looking up some test heuristics, and practice using them with different scenarios: e.g. test a login dialog, test a registration form, a shopping cart, and so on.

This is a good one to start with - try sitting down and just jotting down a quick list of what comes to mind for all the examples above. Then redo it with a friend, and compare lists: http://www.satisfice.com/articles/sfdpo.shtml

For further reading, I'd suggest this resources page: http://www.developsense.com/resources.html

This sort of practice will help to prompt you when you're under pressure: you can step back and ask yourself "how would I categorise the tests I've suggested so far? Are there any areas I've missed completely? What would be one sort of test for that?".