How to Write Test Cases For Login Page?

April 16, 2024Bharath Krishna
How to Write Test Cases For a Login Page

Start automating your tests 10X Faster in Simple English with Testsigma

Try for free

The data from DataReportals’ survey shows that 5.30 billion people use the internet every day. It means that online interactions dominate our daily lives, both on mobile and PCs. Naturally, a seamless and secure user experience is needed for every user to navigate the internet, most of which starts with a login page. It dictates every user journey, giving access to personalized content, confidential data, and valuable services. Developers and designers invest significant time crafting intuitive and visually appealing login pages, which need thorough testing. So, test cases for the login page for proper testing are important.

Source link: Digital 2023 October Global Statshot Report

This blog will discuss test cases for the login page with various scenarios, inputs, and user interactions.

What are the Test Cases for the Login Page?

Test Cases for the login page are crucial to ensure system security and user experience. These include validating empty fields, handling incorrect formats (e.g., special characters), enforcing password strength, and limiting login attempts. For example, testing password strength ensures users create secure credentials. Overall, these test cases are vital to uncovering potential vulnerabilities, guaranteeing a robust login mechanism, and enhancing the application’s overall security. See here for more examples of web application test cases.

The below image shows the various login page test scenarios that are essential for quality testing.

test case for login page

Functional Test Cases of Login Page

Test Case Type Test Cases
Positive Successful login with valid credentials.
Login with a valid username and case-insensitive password.
Successful login with a remembered username and password fields.
Successful login after password reset.
Login from multiple devices simultaneously.
Successful login using a social media account integration.
Login with a valid username and password within specified character limits.
Successful login with special characters in the password.
Negative Unsuccessful login with an invalid username and password.
Login with a blank username and password.Unsuccessful login with an expired account.
Login attempt with an account locked due to multiple unsuccessful tries.
Login with a valid username and an incorrect case-sensitive password.
Unsuccessful login with an account under review or pending approval.
Login attempt with a deactivated or terminated user account.

Non-functional Test Cases for Login Page

Test Case Type Test Cases
Positive Implementation of HTTPS to ensure secure data transmission.
Session timeout functionality for automatic logout after inactivity.
Implementation of account lockout after a specified number of unsuccessful login attempts.
Captcha verification for preventing automated bot attacks.
Password complexity requirements to ensure strong user credentials.
Secure handling of password reset functionalities.
User account activity monitoring for detecting suspicious behavior.
Negative The absence of HTTPS leading to insecure data transmission.
Lack of session timeout, posing a risk for unauthorized access.
Unencrypted storage of passwords, exposing sensitive information.
Weak or no password complexity requirements.
Absence of multi-factor authentication or CAPTCHA, reducing login security.
Lack of user account activity monitoring and missing detection of suspicious behavior.

UI Test Scenarios for Login Page

Simply listing out and knowing the functional and non-functional test cases is not sufficient. As a tester, you must also understand the various test cases that impact user behavior and satisfaction once they start using the application. Here are some of the UI test scenarios for the login page:

Verify field validations:

  • Check if the username and password input fields are present on the page and accept valid credentials.
  • Check if the login is successful after changing the password.
  • Test the system’s behavior when entering more characters than the allowed limit for both username and password.
  • Validate that the system restricts login attempts after reaching a defined limit and displays an appropriate message.

Verify error messages:

  • Input fields should display appropriate validation messages when both username and password are empty.
  • Ensure the system validates and displays an error for an invalid username format (e.g., special characters).
  • Validate the system’s response to an invalid password format, triggering an error message.

Verify the functionality of the “Remember Password” checkbox:

  • Verify that the “Remember Password” checkbox retains its selected/unselected state after the page reloads.
  • Confirm that selecting the checkbox and logging in stores user credentials for future sessions.
  • Test the checkbox functionality across different browsers to ensure consistency
  • Ensure that sensitive information, such as passwords, is not compromised when using the “Remember Password” feature.

Verify the “Forgot Password” functionality:

  • Confirm the presence and functionality of the “Forgot Password” link.
  • Validate that users receive a prompt or instructions on how to reset their password.
  • Test the process of receiving and verifying password reset emails.
  • Confirm that clicking the reset link directs users to a secure page for password reset.
  • Test the system’s response when entering an invalid or unregistered email for password reset.
  • Confirm that users receive confirmation messages after successfully resetting their passwords.
  • Confirm the presence and visibility of the “Create an Account” link on the login page.
  • Validate that clicking the link directs users to the account creation page or sign-up page.
  • Check if users receive appropriate prompts or guidance when attempting to create an account.
  • Ensure the “Create an Account” link is appropriately positioned and easily noticeable.

Verify the visibility of elements:

  • Confirm the visibility of the username and password input fields.
  • Ensure the visibility and clarity of the login button.
  • Verify the visibility and accessibility of the “Remember Password” checkbox.
  • Confirm the visibility of the “Forgot Password” link.
  • Test the visibility and clarity of error messages for incorrect login attempts.

Verify the responsiveness of the UI:

  • Test the login page’s responsiveness on different screen sizes, including desktop, tablet, and mobile.
  • Ensure consistent visibility and functionality across various web browsers.
  • Validate the UI’s responsiveness to changes in device orientation (landscape/portrait).
  • Confirm that text and font sizes adjust appropriately for different screen sizes.
  • Check that buttons and elements maintain proper placement and spacing on different devices.

Verify compatibility with different browsers:

  • Confirm that the login page displays correctly and functions as expected on the latest version of Google Chrome, Mozilla Firefox, Apple Safari, Microsoft Edge, and Internet Explorer.
  • Check compatibility across different versions of each browser to cover a broader user base.
  • Validate that the UI elements and functionalities remain consistent across all tested browsers.
  • Confirm that the login page maintains its responsive design across various browsers and their different versions.
  • Check for consistent font rendering across browsers, avoiding distortions or display issues.
  • Validate the compatibility of CSS to ensure uniform styling across browsers.

Performance Test Cases for Login Page

Ensuring optimal performance for a login page is crucial for providing a seamless user experience. Here’s a list of performance test cases to validate the efficiency of the login process:

  • Verify how the login page handles a specified number of concurrent users attempting to log in simultaneously.
  • Measure and validate the time taken for the login page to respond to user inputs under normal and peak load conditions.
  • Evaluate the number of successful logins the system can handle within a defined time frame to ensure efficient throughput.
  • Evaluate the system’s stability over an extended period, checking for memory leaks or performance degradation during continuous usage.
  • Test the performance when users attempt to log in with incorrect credentials, ensuring the system can handle authentication failures efficiently.
  • Simulate different network conditions to assess how the login page performs under varying latency scenarios.
  • Monitor the utilization of system resources (CPU, memory, etc.) during login operations to identify potential bottlenecks.
  • Verify login performance across various browsers to ensure consistency and optimal user experience on different platforms.

Login Page Test Cases CAPTCHA & Cookies

Below are some CAPTCHA and Cookies test scenarios to write Test Cases for the login page:


  • Verify whether the CAPTCHA is present on the login page.
  • Verify if the CAPTCHA regenerates when required.
  • Check if there is an option to refresh the CAPTCHA image for users having difficulty with the current one.
  • Check if the CAPTCHA validates the input and prevents the login for invalid CAPTCHA.
  • Verify that the CAPTCHA has a reasonable timeout period to prevent expiration during user interaction.
  • Test if CAPTCHA is accessible via alternative text or audio options.


  • Verify that the login page sets a cookie upon successful login.
  • Verify that the cookie lasts across multiple browser sessions and remains valid until it expires.
  • Verify that the cookie deletes upon logout/upon session expiry.
  • Verify that the cookie is securely encrypted to prevent unauthorized access.

BDD Test Cases For Login Page

First, let’s understand BDD. It’s called Behavior-Driven Development that focuses on enhancing collaboration between developers, testers, and non-technical stakeholders by using natural language descriptions of the software’s behavior. Often, BDD with Gherkin is used for testing..

BDD emphasizes the importance of defining the behavior of the system through concrete examples or scenarios written in a human-readable format, typically using the Given-When-Then structure.

Let’s look at the Given-When-Then structure.

  • Valid Credentials

Given valid credentials are entered

When the user submits the login form

Then the user should be logged in successfully

  • Forgot Password Link

Given the user clicks on the “Forgot Password” link

When the password reset page is accessed

Then the user should be prompted to enter their email address

  • Multifactor Authentication (MFA)

Given the user attempts to log in with valid credentials

When multifactor authentication is enabled for the user’s account

Then the user should be prompted to enter a one-time password (OTP) or authenticate using another MFA method

And the user should be granted access upon successful authentication

  • Account Lockout Duration

Given the user’s account is locked out due to multiple failed login attempts

When the lockout duration expires

Then the user should be able to attempt logging in again

And the user should receive a notification informing them of the account lockout expiration

Even with this, do not overlook the NLPs Testsigma uses to transform test scripts into human-readable format. It uses pre-defined statements in plain English to create and run end-to-end tests.

Test Cases For Login Page on Mobile Application

Login is a critical function for web-based as well as mobile applications. Their test cases might stay the same or differ in some scenarios, but the test automation process remains the same. Let’s look at the login page test cases for mobile applications. Conduct these tests along with the normal test cases for a login page.

  • Test if the login page elements appear properly on different devices and resolutions, including smartphones, tablets, and iPads.
  • Test the page with valid and invalid credentials.
  • Check if the forgot password, blank password, and case sensitivity features function correctly.
  • Verify that users can log in with MFA methods (e.g., OTP, biometric authentication).
  • Verify that users can log in using biometric authentication methods (e.g., fingerprint, facial recognition).
  • Check that users cannot log in when the device is offline, and appropriate error messaging is displayed.
  • Test if the login page appears error-free in both landscape and portrait mode.
  • Verify that the login page loads quickly and functions smoothly on low-end devices with limited resources.
  • Check if the login page exerts much power on the phone and drains its battery quickly.
  • Test if the login page in mobile loads and performs well on different networks, such as 5g, Wi-Fi, and 4g.

How to Test SQL Injection on a Login Page?

Testing for SQL injection vulnerabilities on a login page involves attempting to exploit the application’s input fields to execute malicious SQL queries. This process helps understand how hackers can breach the login path and access confidential information.

Here’s a step-by-step approach to test for SQL injection:

  • Identify Input Fields: Determine which input fields on the login page interact with the database, such as the username and password fields.
  • Develop Injection Payloads: Prepare various SQL injection payloads to inject into the input fields. These payloads typically include SQL commands designed to manipulate or retrieve data from the database.
  • Test for Error-Based SQL Injection: Inject SQL queries that intentionally cause errors, such as syntax errors or database-specific error messages. If the application displays detailed error messages, it might indicate susceptibility to SQL injection.
  • Test for Boolean-Based SQL Injection: Test SQL queries that return different outcomes based on the truthfulness of conditions. For example, injecting ‘OR 1=1’ into a WHERE clause can cause the query to return all records, bypassing authentication.
  • Test for Time-Based SQL Injection: Execute SQL queries that introduce time delays to detect blind SQL injection vulnerabilities. For example, adding ‘WAITFOR DELAY’ statements in SQL queries can cause delays in server responses.
  • Test for Union-Based SQL Injection: Run SQL queries that leverage the UNION operator to combine additional SQL statements with the original query. This technique allows attackers to retrieve data from other tables or databases.
  • Test for Out-of-Band (OOB) SQL Injection: Inject SQL queries that trigger communication with an external server controlled by the attacker. Monitor network traffic or logs to detect any outbound connections initiated by the injected queries.
  • Review: Analyze the application’s responses to these different SQL queries to look for anomalies, unexpected behaviors, or error messages.
  • Utilize Automated Tools: Use specialized SQL injection testing tools, such as SQLMap, to automate the process of detecting and exploiting SQL injection vulnerabilities. These tools can perform a thorough analysis of input fields and identify potential injection points.

Tips for Writing Better Test Cases for Login Page

Writing test cases is one thing; writing better test cases is another. Follow these tips to create test cases that work for your application:

  • Understand the testing requirements before writing test cases to help you identify the key functionalities and potential risk areas.
  • Every test case must focus on testing a specific functionality to track and reproduce issues if they occur in the future.
  • Whenever you’re creating test cases, write clear instructions for testing, including the necessary test data, preconditions, and expected results.
  • Both positive and negative scenarios significantly impact testing. So, cover both the expected behavior of the system in login test cases.
  • Prioritize your test cases based on risk, impact, and importance. You can start with important functionalities/areas with high risks.
  • Every test case should be independent and should not impact the results of another test case.
  • While testing, use a combination of valid and invalid inputs to ensure comprehensive testing.
  • Revise the test cases whenever the software is updated.
  • Automate repetitive and time-consuming test cases to execute tests faster, improve coverage, and reduce human error.
  • Use short and meaningful names for test cases and ensure they are well-documented.

When to Automate Test Cases?

Test Automation is useful in the following cases:

  • Automation can save time and effort if any test case needs to be executed repeatedly.
  • When you’re working on many test cases, manual execution will be time-consuming.
  • You can use Test Automation for regression tests as it can speed up the testing process and ensure important functionalities remain unchanged.
  • When working on complex test scenarios, you can use Test Automation to simulate these user interactions, manage large datasets, and perform precise calculations or verifications.
  • Load and performance tests can use test automation to help simulate a high user volume and stress the system under different conditions.
  • When your application needs testing across different platforms & browsers, automation can easily streamline the process.

Testsigma is a great choice for test automation if you want to:

  • Build end-to-end tests for web automation, mobile, desktop, and APIs 10x faster.
  • Easily build even complex tests using its no-code approach, which lets you create test cases in simple English.
  • Write tests that can self-heal when there are minor changes in the application.
  • Execute tests on the device/browser of your choice and do comprehensive cross-browser testing in a short time
  • Reduce build time from hours to minutes and fix functional and visual errors efficiently.
  • Have the backing of a great support team 24/7.

Get all such benefits of Testsigma
for your organization

Schedule a demo

Here is a GIF demonstrating how to create a test case for the login page in Testsigma application. Here, you are verifying that login with valid credentials is successful for the website Simply Travel.


In brief, test cases for a login page are most important to ensure the login is functional, secure, and has a good user experience. Moreover, while creating test cases, you should cover various aspects like case sensitivity, account lockout, session management, and compatibility with different devices and browsers. Creating comprehensive test cases can minimize risks and offer a secure and seamless login experience.

Frequently Asked Questions

Which is not a good test case for functionality testing of a login page?

A test case for functionality testing of a login page that focuses solely on the visual layout or aesthetics of the page, without verifying actual functionality such as authentication or error handling, would not be considered a good test case. Testing only the appearance of the login page neglects critical functional aspects necessary for ensuring its usability and security.

How do you write a test case for a password field?

It is very important to thoroughly design test cases for the login page. While Writing test cases for a password field, we need to define the requirements, create positive and negative cases, value cases for limits, and brainstorm unexpected scenarios. This approach will help us thoroughly test the password field.

How do I create a login test case?

Imagine any test scenario for the login page; give it a unique test case ID and Name. Define the objective and sequence of actions, including entering valid/invalid credentials, clicking on login, and verifying the desired outcome, like a successful login for valid credentials & error message display for invalid credentials.

Subscribe to get all our latest blogs, updates delivered directly to your inbox.


Scriptless Test Automation | What , Why it Matters & Examples
Top 6 Game Testing Tools You Need to Know
Power of POC in Testing: Your Exclusive Guide to Success