There are more than 12 Test cases-
1)Can not login without user name and password
2)Can not login without user name
3)Can not login without password
4)Can not login only with entering spaces in user name and password
5)Can not login with invalid username and password
6)Can not login with invalid username and valid password
7)Can not login with valid username and invalid password
8)Can login with valid username and password
9)Can not enter more than 20 char in username
10)Can not enter more than 20 char in password
11)Default focus is on the Username Text box
12)Tab order of the form
13) All other Application Specific cases
* Create only one generalised script
[This message has been edited by amitathawale (edited 05-22-2002).]
The other cases may include:
-Whether user name and password can be same or not.
-If entering password is mandatory then what is the minimum length.
-Special characters are allowed or not (including leading or trailing spaces)
-Password is case-sensitive or not
-Copy from password field should not be allowed.
And of course you can also add tests for the definition of users (add, modify, delete, count limits, allowable character sets...), their authorization levels if any, whether an initial password is sufficient for total access, whether timeouts are involved, and whether certain critical operations/features have their own password requirements. Regarding the last item, you'd need to visit every actionable location within the AUT to ensure proper protection. And since you're working with a web app' how about using the Back button to expose a previous user's run?
Another interesting, and often missed test is whether the file containing password/user definitions can be compromized - ie: exposed, or deleted. Is the user allowed to store his/her password locally with cookies? Is that text readable? Is the login text encrypted when it's transmitted? How about the contents of all subsequent interactions?
I think you'll find that the list of possible tests might be considered endless. Start from the spec and go from there.