How to Test Passwords?

The concept of “password” was often used for various kinds of protection. For example, earlier it was used to enter the city and move around safely. Nowadays, passwords are used everywhere to protect property (documents in safes, money in banks, items in luggage), as well as digital information on our hard drive, devices, and, more commonly, websites.

A password is a word or a set of characters designed to confirm identity or authority. Passwords are used to protect information from unauthorized access on websites.

Currently, a single unified format for creating passwords does not exist, so each website that requires authorization has its own view of what a password should be. Some websites do not impose restrictions on users at all, even on the minimum number of characters, while others require too much. Sometimes you can find requirements for passwords like “at least eight characters, with a symbol at the beginning and a number at the end, be sure to have both lowercase and uppercase letters, with special characters, dashes, and underscores, etc.” Without any doubt, this password will be excellent protection not only from hackers but also from the very user. Having solved this difficult problem, the user will forget what they came up with in a few hours.

Ideally, the password field should not have restrictions on the types of characters entered, but you need to write a hint of how complex is the password the user created. If entering all characters is allowed (from letters and numbers to special characters and spaces) the hackers will find it harder to guess a password. Unfortunately, not all users make good use of their imaginations and the possibilities that developers provide.

Most Popular Passwords

There is a list of the most popular passwords that are poorly suitable for protecting personal data, but they are still used. Top 10 popular passwords:

• 123456
• password
• 12345678
• qwerty
• 123456789
• letmein
• 1234567
• football
• iloveyou
• admin

As you can see, the worst passwords are simple sets of numbers and short common words. Compared to them, even the qwerty12345678 combination will serve as better protection. It is important to create complex passwords with several types of characters, preferably without using complete words.

For those who find it difficult to create such passwords, there are special generators, both in the form of separate websites and functions in browsers. For example, Google Chrome can suggest strong password options on the sign-up page using the key icon in the password field. However, it is impossible for an ordinary person to remember them unless they use the function of saving the password in the browser. On the internet, you can find many guidelines for remembering passwords, from rhyming to visualization. We will not touch on this topic in this article.

How to Test Passwords?

Now, having understood the essence of the password and the problems of its use, let’s consider what needs to be tested in the password input field. In addition to the obvious tests, such as the alignment of margins, the width, and height of the field, you should test the following:

1. Validation Rules

Before starting testing, you need to know what specific validation rules did developers make. As already mentioned, some websites have their own idea of the correct password, so you cannot report a bug that a six-digit password is not accepted if this is not provided for by validation.

2. Required Fields

Check if the fields “password” and “confirm password” are required. Field values must be the same. Sometimes for some reason websites have difficulties with the second field “confirm password” and it is not validated on the website.

3. Hidden Symbols

The data in the password field must be displayed with circles, dots, or asterisks. The right side of the field may have an icon for enabling/disabling the display of the password, and you need to test this too.

4. Cross-browser Testing

Continuing talking about icons in the field, you need to test the password in different browsers, since, for example, Safari has an icon for password substitution. If the developers did not take this moment into account, then this icon can overlap with the other password display icon.

5. Old Passwords

The password field on the website is present not only in the sign-up form but also on the page for editing personal data. It is better if the old user passwords are stored in the database and the system does not allow changing the password to the one that has already been used. To ensure security, each new user password must be different from the previous ones and is unique within the account.

6. Displaying Rules

If a website sets its own rules for the type of password, then for the user’s convenience, these rules should be written next to the field before submitting the form. It is not very user-friendly if the user finds out about the error before the rules were presented.

7. Validations Before and After Submitting the Form

Before testing, you need to know exactly when the password field is being validated. Some websites, even before the form is submitted, display a tooltip near the field with errors made.

8. Strength Indicator

Sometimes developers add it to encourage the user to create a more complex password to protect the account better. When testing the strength indicator, check what exactly is considered to determine the strength – only the number of characters or also the variety of their types.

These simple tips will help you test the password fields and find the main errors that prevent the user from continuing to use the product and go beyond the sign-up form. If you don’t get familiar with the website at the very beginning, then you can say goodbye to a potential client. Do not forget that the user is the main critic and their convenience is paramount.