CAPTCHA (‘Completely Automated Public Turing Test to tell computers and humans apart’) is implemented into forms to differentiate between humans and computers. This is done for security purpose (such as to prevent hacking), and also to prevent automated spamming bots from spamming.
List of test cases:
1. The CAPTCHA code screen should be visible to user across all browsers, and it should be readable.
2. The CAPTCHA code should be in Image format.
3. The cookie saved in browser for the CAPTCHA verification should be encrypted
4. There should be an option to Regenerate the code, and a new code should be generated on clicking the link
5. The CAPTCHA code should be regenerated when the page is refreshed.
6. The CAPTCHA code should be regenerated when invalid code is submitted
7. User should not be able to copy/paste the CAPTCHA code
8. The CAPTCHA code should be Case Sensitive or vice-versa (requirement dependent).
9. When invalid CAPTCHA is submitted, the rest of the form fields should not get cleared.
10. When invalid CAPTCHA is submitted, the form should not get submitted, and a proper error message should be displayed.
11. Form should get submitted when a valid CAPTCHA code is entered
12. When CAPTCHA is regenerated, Form should get submitted only with the regenerated code.
13. Form should not get submitted when code is regenerated but the previously displayed CAPTCHA code is submitted.
14. In case of CAPTCHAs containing 2 words (2 CAPTCHAs), when the user enters only one valid captcha for the two, the form should not get submitted, and a proper error message should be displayed.
15. The CAPTCHA code should not be confusing. For eg: Zero and O (Alphabet),numbers 6 and 9
16. The audio version of CAPTCHA should work (requirement dependent).
17. System should not take partial CAPTCHA code as valid
– Enter only first and last letter from the Code
– Enter correct first and last letter from the Code with other invalid characters in between, keeping the length same as that of the valid CAPTCHA
– Enter the correct CAPTCHA code, followed by a random character
18. CAPTCHA codes generated should be sufficiently random