The verification and validation process for a password protection system must focus on security assessment. Validating a password-protected system may include the following:
• Check that the password set for the system is a strong password, which may consist of mixed alphanumeric characters and punctuation that are difficult to break.
• The password length should be of maximum size, and the password should not be the same as the user name.
• Sessions should end after a period of inactivity, and sessions should be ended at the time of logout.
• Never use cookies for storing passwords. Store passwords in hashed form in a database such as SQL to avoid SQL poisoning attacks.
• The files used in the application should have appropriate access permissions to prevent unauthorized access to the files.
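The checks listed above can be expressed as small test helpers. The following Python sketch is an added example, not code from the original page; the function names, the 12-character minimum, the 15-minute idle limit and the PBKDF2 work factor are assumptions chosen for illustration.

```python
import hashlib, hmac, os, stat, string

MIN_LENGTH = 12           # assumed policy value; the page gives no number
IDLE_LIMIT_SECONDS = 900  # assumed inactivity timeout (15 minutes)
PBKDF2_ROUNDS = 600_000   # assumed work factor for the password hash

def password_issues(username, password):
    """Return the list of policy violations (empty list = acceptable)."""
    issues = []
    if len(password) < MIN_LENGTH:
        issues.append("too short")
    if not any(c.isalpha() for c in password):
        issues.append("no letter")
    if not any(c.isdigit() for c in password):
        issues.append("no digit")
    if not any(c in string.punctuation for c in password):
        issues.append("no punctuation")
    if password.lower() == username.lower():
        issues.append("same as user name")
    return issues

def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; store (salt, digest), never the password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest

def verify_password(password, salt, digest):
    """Recompute the hash and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

def session_expired(last_activity, now, logged_out=False):
    """A session is invalid after logout or once the idle limit is exceeded."""
    return logged_out or (now - last_activity) > IDLE_LIMIT_SECONDS

def file_too_permissive(path):
    """True if group or others have any access to the file (POSIX modes)."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)

if __name__ == "__main__":
    # Constructed sample input, not real credentials.
    print(password_issues("alice", "alice"))
    print(password_issues("alice", "Tr1cky!Horse#Battery"))
    salt, digest = hash_password("Tr1cky!Horse#Battery")
    print(verify_password("Tr1cky!Horse#Battery", salt, digest))
```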