Contact Us

A Primer on Passwords

By | | Test Methods & Metrics

Please note: This article was adapted from a blog posting in Karen N. Johnson’s blog on July 24, 2007.

Introduction

The password field is one data entry field that needs special attention when testing an application. The password field can be important (since accessing someone’s account can start a security leak), testers should spend more time on this essential field. Following is a brief discussion of different types of passwords.

Passwords: Salted, Mixed, Plain, and Cracked

A password field has to be strong enough to provide security. Following are several different types of password fields:

Salted Passwords

Salted passwords are passwords where random characters are added to the user’s passwords to improve security. These pseudo-random values are added to a password before the password is hashed and stored. From the point of view of an end-user there is no difference in creating or using the password field. The value of the salted password is the added protection it provides to the user and the system. A salted password is a stronger password that is much less vulnerable to brute-force and dictionary attacks.

Mixed Passwords

Mixed passwords are passwords requiring a mix of both alpha and numeric characters. The requirement might include mixed upper and lower case alpha characters as well as special characters. The rule-of-thumb is simple, the more characters in the password field and the more varied the mix, the stronger the password. For information on how long it takes to break a password see: Password Recovery Speeds.

The downside is, however, obvious. Better, longer, and more complex passwords are simply hard to remember. There are, however, tools that can help (see the sidebar about Password Safe).
Need Help Remembering Passwords?

Password Safe is a free utility for storing passwords. The “safe” itself is password protected with a very strong password helping to keep all of your stored passwords safe.

Plain Passwords

Plain passwords are passwords that contain none of the variety outlined above that makes a password harder to crack. These are, of course, the easiest passwords to remember. They are also among the least secure. Because of this, many websites and applications do not allow plain passwords anymore.

Conclusion

Understanding passwords, their strength, and how they can be broken, is an essential skill for anyone who is going to be testing this field and functionality. Testing of passwords should be incorporated into the test plan for any application or website.

Good Password Resources

Karen N. Johnson

Karen N. Johnson is an independent software test consultant. She is a frequent speaker at software testing conferences and is an active participant in several software testing workshops. She serves as a Director on the Board for the Association for Software Testing and is a panel expert on Tech Target’s web site www.searchsoftwarequality.com. For more information about Karen, visit http://www.karennjohnson.com/.

TAG:

Karen N.Johnson
Karen N. Johnson is a longtime active contributor to the software testing community. Her work is often centered on helping organizations at an enterprise level. Her professional activities include speaking at conferences both in the US and internationally. Karen is a contributing author to the book, Beautiful Testing by O’Reilly publishers. She is the co-founder of the WREST workshop, the Workshop for Regulated Software Testing. She has published numerous articles; she blogs and tweets about her experiences. Find her on Twitter as @karennjohnson (note the two n’s) and her website: http://www.karennicolejohnson.com. Karen is Director Jamf Now, Development & Delivery at Jamf. See: https://www.jamf.com

The Related Post

Developing A Mobile Testing Strategy
In today’s mobile-first world, a good app is important, meaning an effective Mobile Testing strategy is  essential.  
Test Design Focused on Expediting Functional Test Automation
Test organizations continue to undergo rapid transformation as demands grow for testing efficiencies. Functional test automation is often seen as a way to increase the overall efficiency of functional and system tests. How can a test organization stage itself for functional test automation before an investment in test automation has even been made? Further, how ...
Book Review: 50 Quick Ideas to Improve Your Tests
They’ve done it again. Gojko Adzic, David Evans and, in this book, Tom Roden, have written another ‘50 Quick Ideas’ book. And this one is equally as good as the previous book on user stories. If not even better.  
Harry Robinson Talks Training
At VISTACON 2011, Harry sat down with LogiGear Sr. VP, Michael Hackett, to discuss various training methodologies. Harry Robinson Harry Robinson is a Principal Software Design Engineer in Test (SDET) for Microsoft’s Bing team, with over twenty years of software development and testing experience at AT&T Bell Labs, HP, Microsoft, and Google, as well as ...
LogiGear Magazine March Issue 2020: Smarter Testing Strategies for The Modern SDLC
March Issue 2020: Smarter Testing Strategies for The Modern SDLC
Test Everything All the Time...
Back from more training, I was up at a client in Bellevue and really enjoyed teaching a performance class to a world class testing organization. I found that the students were very receptive to many of the concepts and ideas that the class offers.
Mind Map: Tools for Testers
With this edition of LogiGear Magazine, we introduce a new feature, Mind Map. A mind map is a diagram, usually devoted to a single concept, used to visually organize related information, often in a hierarchical or interconnected, web-like fashion. This edition’s mind map, created by Sudhamshu Rao, focuses on tools that are available to help ...
Four Fundamental Requirements of Successful Testing in the Cloud - Part I
Internet-based per-use service models are turning things upside down in the software development industry, prompting rapid expansion in the development of some products and measurable reduction in others. (Gartner, August 2008) This global transition toward computing “in the Cloud” introduces a whole new level of challenge when it comes to software testing.
Do Testers Have to Write Code?
Do testers have to write code? For years, whenever someone asked me if I thought testers had to know how to write code, I’ve responded: “Of course not.” The way I see it, test automation is inherently a programming activity. Anyone tasked with automating tests should know how to program. But not all testers are ...
Jason Barile - Testing Testing
I’ve been reviewing a lot of test plans recently. As I review them, I’ve compiled this list of things I look for in a well written test plan document. Here’s a brain dump of things I check for, in no particular order, of course, and it is by no means a complete list. That said, if you ...
The Great Reads of Software Testing
Are you looking for the best books on software testing methods? Here are 4 books that should be on your reading list! The Way of the Web Tester: A Beginner’s Guide to Automating Tests By Jonathan Rasmusson Whether you’re a traditional software tester, a developer, or a team lead, this is the book for you! It ...
What About the V-Model?
The V-Model for Software Development specifies 4 kinds of testing: Unit Testing Integration Testing System Testing Acceptance Testing You can find more information here (Wikipedia): http://en.wikipedia.org/wiki/V-Model_%28software_development%29#Validation_Phases What I’m finding is that of those only the Unit Testing is clear to me. The other kinds maybe good phases in a project, but for test design it ...

Leave a Reply

Your email address will not be published.

Stay in the loop with the lastest
software testing news

Subscribe
SHARE: Facebooktwitterlinkedinmail