TC008 - Securely authenticate user account

Test Case description: Verify users can create accounts, and authenticate securely. Accounts and passwords must meet security standards.
Test Case ID: TC008
Author/Designer: Iiro Peuhkuri
Date of creation: 25.3.2024
Class: Functional / Security

Test description / objective

Verify users can create accounts, and authenticate securely. Accounts and passwords must meet security standards.

Links to requirements or other sources

Test pre-state

  • The application's registration and login pages are ready.

Test steps

  1. Account Creation – Successful
     • Access the registration page.
     • Input a valid, unused email address.
     • Create a password that meets complexity requirements.
     • Confirm password (matching).
     • Submit registration.
     • Verify account creation confirmation (on-screen, success email, etc.).
  2. Account Creation – Errors
     • Attempt creating an account with an existing email. (Error expected)
     • Input mismatched password confirmation. (Error expected)
     • Attempt using a password below complexity standards. (Error expected)
  3. Login – Successful
     • Access the login page.
     • Input the correct email and password from the successful registration (Step 1).
     • Submit login.
     • Verify successful authentication – user is redirected to the application's main area.
  4. Login – Failures
     • Incorrect password with the correct email. (Error expected)
     • Incorrect email (non-existent). (Error expected)
     • Empty field(s) submission. (Error expected)

Test end-state

  • Log out of any created test accounts.

To be taken into account during test

  • Password Complexity: Test with a range of valid and invalid passwords against the defined security rules.
  • Account Recovery: If applicable, test "forgot password" functionality.

Test result (Pass/Fail Criteria)

PASS:

  • Accounts can be created with valid data.
  • Error messages are clear and prevent invalid account creation.
  • Successful login grants access to the application.
  • Incorrect login attempts are rejected and produce appropriate errors.

FAIL:

  • Account creation fails with valid data, or succeeds with invalid data.
  • Login is permitted despite incorrect credentials.
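
Test steps 1 to 4 and the pass/fail criteria above, written as an automated check (an added example, not part of the original test case). `AuthModel` is a hypothetical in-memory stand-in for the application under test. The 12-character policy, the PBKDF2 hashing and the single generic login error are assumptions, since the page does not define them.

```python
import hashlib, hmac, os, re

MIN_LEN = 12  # assumed policy; the page does not state the complexity rules

def password_ok(pw):
    """Assumed rule set: length >= MIN_LEN plus lower case, upper case and a digit."""
    return len(pw) >= MIN_LEN and all(re.search(p, pw) for p in (r"[a-z]", r"[A-Z]", r"\d"))

class AuthModel:
    """Hypothetical in-memory stand-in for the application's registration and login."""
    def __init__(self):
        self.users = {}  # email -> (salt, password hash)

    def _hash(self, pw, salt):
        return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)

    def register(self, email, pw, confirm):
        email = email.strip().lower()
        if not email or email in self.users:
            return "email unavailable"
        if pw != confirm:
            return "passwords do not match"
        if not password_ok(pw):
            return "password too weak"
        salt = os.urandom(16)
        self.users[email] = (salt, self._hash(pw, salt))
        return "ok"

    def login(self, email, pw):
        salt, stored = self.users.get(email.strip().lower(), (b"\0" * 16, b""))
        candidate = self._hash(pw, salt)  # hashed even when the email is unknown
        if pw and hmac.compare_digest(candidate, stored):
            return "ok"
        return "invalid credentials"  # one message for every step 4 failure

def run_tc008(app):
    """Drive steps 1-4 of TC008 and return {step: observed result}."""
    email, pw = "tester@example.test", "Correct-Horse-42"  # constructed test data
    return {
        "1 create": app.register(email, pw, pw),
        "2 duplicate": app.register(email, pw, pw),
        "2 mismatch": app.register("b@example.test", pw, pw + "x"),
        "2 weak": app.register("c@example.test", "short1A", "short1A"),
        "3 login": app.login(email, pw),
        "4 wrong password": app.login(email, pw + "x"),
        "4 unknown email": app.login("nobody@example.test", pw),
        "4 empty fields": app.login("", ""),
    }
```

Against a real application, `register` and `login` would be replaced by calls to its registration and login pages while `run_tc008` and the expected results stay the same.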