Passwords have been a common and convenient method of protecting user data for a long time. Despite the rapid advance of information technology and the appearance of many smart devices and programs, passwords remain widely used.
Often the combination of user login and password is the only protection of the account. That is why the authorization procedure must be carefully examined in the course of web site testing, desktop testing and mobile application testing.
Specialists in security testing note that mobile software products require an even higher security level than desktop ones, because users take mobile devices everywhere and can lose them, or the devices can be stolen.
When Checking the Authorization Procedure of a Mobile Program, One Should Verify:
- whether the program asks the user to log in when the user turns the device off, turns it on again, and tries to continue working with the program;
- whether it is necessary to log in after sending the tested program to the background, working with another one, and then coming back to it;
- whether it is possible to somehow avoid logging in and go on working with the program, for example, by sending the authorization screen to the background;
- whether the password symbols are hidden so that people nearby cannot see them; as a rule, “*” is displayed instead of the password symbols.
A software testing company checks the mentioned authorization issues manually, but there are other password-related cases that can be verified in the course of automated testing.
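The four checks from the list above, run against a small model of an app's login gate. This is an added example, not code from the original article: `App`, `LeakyApp` and `run_checklist` are hypothetical names, the password is constructed, and the model assumes the strictest policy, in which every restart and every return from the background requires a fresh login.

```python
from dataclasses import dataclass


@dataclass
class App:
    """Toy model (hypothetical names): access depends on session state only."""
    password: str                # constructed credential
    authenticated: bool = False  # held in memory only, so a restart clears it
    def type_password(self, text: str) -> str:
        return "*" * len(text)   # what the password field displays

    def login(self, text: str) -> None:
        self.authenticated = text == self.password

    def background(self) -> None:
        self.authenticated = False  # assumed policy: leaving the app ends the session
    def foreground(self) -> str:
        return "home" if self.authenticated else "login"  # screen shown on return

    def restart_device(self) -> None:
        self.authenticated = False

    def open_content(self) -> str:
        return "content" if self.authenticated else "login required"


class LeakyApp(App):
    """Deliberately flawed variant: backgrounding keeps the session alive."""
    def background(self) -> None:
        pass


def run_checklist(app: App, password: str) -> dict:
    """Run the four checks in the order the list gives them."""
    denied = lambda: app.open_content() == "login required"
    results = {}
    app.login(password)
    app.restart_device()
    results["login_after_restart"] = denied()
    app.login(password)
    app.background()
    app.foreground()
    results["login_after_background"] = denied()
    app.restart_device()
    app.background()  # push the login screen itself out of view
    app.foreground()
    results["no_login_bypass"] = denied()
    results["password_masked"] = app.type_password(password) == "*" * len(password)
    return results
```

Running `run_checklist` on `LeakyApp` reports `login_after_background` as failed while the other three checks pass, which is the kind of result the second item in the list is meant to catch.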