Contact Us

A Primer on Passwords

By | | Test Methods & Metrics

Please note: This article was adapted from a blog posting in Karen N. Johnson’s blog on July 24, 2007.

Introduction

The password field is one data entry field that needs special attention when testing an application. The password field can be important (since accessing someone’s account can start a security leak), testers should spend more time on this essential field. Following is a brief discussion of different types of passwords.

Passwords: Salted, Mixed, Plain, and Cracked

A password field has to be strong enough to provide security. Following are several different types of password fields:

Salted Passwords

Salted passwords are passwords where random characters are added to the user’s passwords to improve security. These pseudo-random values are added to a password before the password is hashed and stored. From the point of view of an end-user there is no difference in creating or using the password field. The value of the salted password is the added protection it provides to the user and the system. A salted password is a stronger password that is much less vulnerable to brute-force and dictionary attacks.

Mixed Passwords

Mixed passwords are passwords requiring a mix of both alpha and numeric characters. The requirement might include mixed upper and lower case alpha characters as well as special characters. The rule-of-thumb is simple, the more characters in the password field and the more varied the mix, the stronger the password. For information on how long it takes to break a password see: Password Recovery Speeds.

The downside is, however, obvious. Better, longer, and more complex passwords are simply hard to remember. There are, however, tools that can help (see the sidebar about Password Safe).
Need Help Remembering Passwords?

Password Safe is a free utility for storing passwords. The “safe” itself is password protected with a very strong password helping to keep all of your stored passwords safe.

Plain Passwords

Plain passwords are passwords that contain none of the variety outlined above that makes a password harder to crack. These are, of course, the easiest passwords to remember. They are also among the least secure. Because of this, many websites and applications do not allow plain passwords anymore.

Conclusion

Understanding passwords, their strength, and how they can be broken, is an essential skill for anyone who is going to be testing this field and functionality. Testing of passwords should be incorporated into the test plan for any application or website.

Good Password Resources

Karen N. Johnson

Karen N. Johnson is an independent software test consultant. She is a frequent speaker at software testing conferences and is an active participant in several software testing workshops. She serves as a Director on the Board for the Association for Software Testing and is a panel expert on Tech Target’s web site www.searchsoftwarequality.com. For more information about Karen, visit http://www.karennjohnson.com/.

TAG:

Karen N.Johnson
Karen N. Johnson is a longtime active contributor to the software testing community. Her work is often centered on helping organizations at an enterprise level. Her professional activities include speaking at conferences both in the US and internationally. Karen is a contributing author to the book, Beautiful Testing by O’Reilly publishers. She is the co-founder of the WREST workshop, the Workshop for Regulated Software Testing. She has published numerous articles; she blogs and tweets about her experiences. Find her on Twitter as @karennjohnson (note the two n’s) and her website: http://www.karennicolejohnson.com. Karen is Director Jamf Now, Development & Delivery at Jamf. See: https://www.jamf.com

The Related Post

Bonus Bugs
One of the most dreaded kinds of bugs are the ones caused by fixes of other bugs or by code changes due to feature requests. I like to call these the ‘bonus bugs,’ since they come on top on the bug load you already have to deal with. Bonus bugs are the major rationale for ...
Blogger of the Month: Karen N. Johnson
Karen N. Johnson began as a technical writer in 1985 and later switched to software testing in 1992. She maintains a blog at TestingReflections, a collaborative site where she is featured as a main contributor. In her latest entry, she discusses search testing with different languages. Here is an excerpt from her blog: “I started ...
LogiGear Magazine - Mar 2016 - Test Design
MARCH 2016_ TEST DESIGN ISSUE
LogiGear Magazine March Issue 2021: Metrics & Measurements: LogiGear's Guide to QA Reporting and RO...
LogiGear Magazine March Issue 2021: Metrics & Measurements: LogiGear’s Guide to QA Reporting and ROI
How to Reduce Duplicate Bug Reporting by 75%
Reducing the pester of duplications in bug reporting. Both software Developers and Testers need to be able to clearly identify any ‘Bug’, via the ‘Title’ used for the ‘Bug Report’.
Is Action Based Testing an Automation Technique?
Introduction Keyword-driven methodologies like Action Based Testing (ABT) are usually considered to be an Automation technique. They are commonly positioned as an advanced and practical alternative to other techniques like to “record & playback” or “scripting”.
LogiGear Magazine March Issue 2018: Under Construction: Test Methods & Strategy
LogiGear Magazine March Issue 2018: Under Construction: Test Methods & Strategy
Formulating a Software Test Strategy
This article was adapted from a presentation titled “How to Optimize Your Web Testing Strategy” to be presented by Hung Q. Nguyen, CEO and founder of LogiGear Corporation, at the Software Test & Performance Conference 2006 at the Hyatt Regency Cambridge, Massachusetts (November 7 – 9, 2006). Click here to jump to more information on ...
Something Old, Something New: Requirements and Specifications
Differences in interpretation of requirements and specifications by programmers and testers is a common source of bugs. For many, perhaps most, development teams the terms requirement and specification are used interchangeably with no detrimental effect. In everyday development conversations the terms are used synonymously, one is as likely to mean the “spec” as the “requirements.”
VISTACON 2010 Keynote - the Future of Testing by BJ Rollison
VISTACON 2010 – Keynote: The future of testing THE FUTURE OF TESTING BJ Rollison – Test Architect at Microsoft VISTACON 2010 – Keynote   BJ Rollison, Software Test Architect for Microsoft. Mr. Rollison started working for Microsoft in 1994, becoming one of the leading experts of test architecture and execution at Microsoft. He also teaches ...
High-Performance Testing
This article first appeared in BETTER SOFTWARE, May/June 2005. Executives and managers, get your performance testing teams out of the pit and ahead of the pack Introduction As an activity, performance testing is widely misunderstood, particularly by executives and managers. This misunderstanding can cause a variety of difficulties-including outright project failure. This article details the ...
Key Success Factors for Keyword Driven Testing
Introduction Keyword-driven testing is a software testing technique that separates much of the programming work of test automation from the actual test design. This allows tests to be developed earlier and makes the tests easier to maintain. Some key concepts in keyword driven testing include:

Leave a Reply

Your email address will not be published.

Stay in the loop with the lastest
software testing news

Subscribe
SHARE: Facebooktwitterlinkedinmail