Login Use Case
The Login use case allows the Global Bank’s Internet Banking Application to identify customers. The system prompts the user to enter his or her account number and password. Each login attempt is logged for auditing purposes. The user is authenticated after the system successfully identifies the user. The system's transactions and customization options are available only to authenticated users.
Actors: Customer, System
Pre-Conditions: None
Actions
1. The customer enters his or her account number and password on the home page and clicks the Go button.
2. If the supplied credentials match those stored in the Customer Information database, the system presents the Consolidated Account Summary report. For more information, see the Consolidated Account Summary report use case.
3. The system shows a personalized welcome message that includes the customer’s name and last login date.
4. The auditing system logs each login attempt including the following information: customer name, channel, last login date, and context information indicating whether the login was successful.

*Alternative Flows *
Login on home page fails - If the supplied credentials on the home page are incorrect, the system redisplays the login screen. The customer may then reenter his or her credentials.
Login attempts and expiration: If the customer unsuccessfully attempts to login more than five times, the customer's account is disabled. The customer will need to speak with a bank representative to reactivate the account.
Login sessions are valid for 20 minutes: If the customer's session is inactive for more than 20 minutes, any attempt to access restricted information results in a redirection to the Login screen. The customer should open a new browser session.

Alternative Flows (out of scope)
First time logins: When a customer logs in to the system for the first time, the system prompts the customer to change his or her password before proceeding to the next page. This occurs when he or she first subscribes to the system or forgets the password and requests a new one.
Change password request: Customers may change their password. Passwords must comply with the system password policy. All attempts to change the password are logged in the Auditing and Security System.
Customer forgets the account number or password: If the customer forgets the account number or password, he or she needs to contact the Help Desk for assistance. In the case of the password, the Help Desk will assign a new password to the customer. After logging in with the newly assigned password, the system prompts the customer to change his or her password.
Business Rules (out of scope): Passwords must have a minimum length of four digits and a maximum length of eight digits. No more than two digits may appear consecutively. No more than two consecutive digits should appear in the sequence.
Comments: The 8-digit account number would likely be insufficient for a real bank over a large number of years.

Back To: UseCases