Your password example is a classic example in favor of automation, once you have the infrastructure for entering a password and detecting rejection adding more cases should be simple and cost effective.
You use the term Negative Testing to describe a type of scenario, but keep in mind that it is functional the same way as any other sunny day scenario, entering a wrong password is something users are allowed to do and not something evil.
Real Negative tests are somewhat more meaningful when used in the code level, for example checking for NULL pointers- this is not something a user of a function should do (unless it is part of normal usage of course)
So, to summarize- you should do negative testing and you should build your automation in such a way that it is not requiring “lot of code to be done”
Source link https://sqa.stackexchange.com/questions/12894/negative-testing-automation