Test scenarios for a generic Login page

This list contains test scenarios for a generic login page

E2E positive test cases
Verify that valid user name and valid password works
Verify login by providing registered phone number (many test cases has to be repeated)
Verify that password is hidden and not visible after typing
Verify forgot password functionality
Verify 2FA functionality
Verify concurrent login (maximum number of allowed login sessions at once)
Verify “Remember Me” functionality
Verify once you click next, after entering a username, password page is visible
Verify once you are on password page, you can edit the username
Verify login page has an option to create a new account for the first time users

If the account is created in one country and accessed in another country, OTP should be asked (If OTP is supported)
If the account is accessed simultaneously in two diff countries - OTP should be asked
Verify that OTP is asked when the user tries to log in on different machines

Verify for username requirements such as length of the username, special characters, capital letters etc (each should be a separate test case)
Verify for password requirements such as length of the password, capital letters and special chars

Check session time out is as per the standards/specs

E2E negative test cases
Verify that invalid user name and valid password throws an error
Verify that valid username and invalid password throws an error
Verify that blank username throws an error
Verify that blank password throws an error
Verify by giving not supported special chars for username and password (if there are any in not supported chars list)
Verify that account gets locked after retrying for x number of times
Try User name and password of length which is greater than the supported length

Verify that clicking back button after logout does not take you back to the dashboard

Verify by logging with the old password after password change

Verify giving the current password only for a new password while changing the password

UX/UI
Verify the look and feel of the login page and make sure it matches UX spec
Verify all the buttons, text boxes - colors, layout, spacing is according to the UX spec
Verify that text’s font, color, spelling is according the UX spec
Verify brand logo (if there is one) is as per the spec

Verify copyright info is correct
Verify help and other links are working as expected

Localization test cases
Verify all words and sentences for grammar, spelling and meaning after changing the languages

Compatibility test cases 

Cross-browser/ cross os/ cross device test cases:

Verify UX look and feel is as per spec on all supported browsers

Verify on all supported devices and their versions. (e.g. Mobile/ Tablets, iOS/Android)

Verify on all supported OS versions (e.g.  Windows, Mac, Linux)

Performance  test cases
(we need to know the KPI - Key Performance Indicators - before writing these test cases)
Verify the time taken to log in
Verify that a large number of users can log in simultaneously
Verify how fast login happened when a large number of users are using the site
Verify max number of users supported

Security  test cases
Verify that when one of user name or password is wrong, the error message is same for both the cases (no hint on which one is wrong)
Verify for XSS attack by giving javascript as input for username and password
Verify the login page against SQL injection attack
(SELECT * FROM users WHERE name='tom' and password='' or '1'='1')
Verify only https connection can be made and lock (safe) icon is visible on the URL bar
Verify the timeout functionality of the login session
Verify that the back button does not take you to the dashboard after logging out
Copy the link after log in and paste it on another tab(works) and another browser(no login)
Copy and paste the password and it should not get displayed (still be hidden)

Database test cases
Verify that database maintains activity log of who logs in, when, from where (all info based on requirement)

Usability test cases
The user experience of login functionality - all the instructions are clear, all the buttons and texts are clearly visible, the entire login process is not ambiguous, scroll and navigations are smooth