Reputation: 39081
How safe is NSUserDefaults compared to KeyChain
I want to know the safety when storing lets say user login information such as username and passwords in NSUserDefaults.
In questions regarding how to store such info everyone say NSUserDefaults is bad and KeyChan is the right way to go. But they never say WHY NSUserDefaults is bad.
Is it a security risk to store a password in NSUserDefaults?
Will it be accessible to "hackers" if using NSUserDefaults instead of KeyChain?
Upvotes: 3
Views: 1441
Answers (2)
Reputation: 242
Both methods use a unique key/value approach, and that is their only common point.
NSUserDefaults uses no encryption and is part of your app's sandbox. Thus will be removed once the app is removed.
KeyChain on the other hand, is encrypted and persists independently of your app.
So for storing sensitive data such as Login/Password pairs, or security certificates, you should absolutely use KeyChain.
Here's an Apple provided sample project: https://developer.apple.com/library/content/samplecode/GenericKeychain/Introduction/Intro.html
And you can definitely write your own wrapper to simplify usage.
Upvotes: 2
Reputation: 181
NSUserDefaults are stored in plain text within the bundlename.plist file on a device. Everyone with access to a device can open or copy the file and read the information without encryption.
Upvotes: 1
Related Questions
- Storing authentication tokens on iOS - NSUserDefaults vs Keychain?
- Why is it obvious to not store password in NSUserDefaults?
- Save username-password with NSUserDefault, how and how much safe?
- Difference between Keychain and NSUserDefault?
- NSUserDefaults or keychain is better to save username and password in iPhone app
- Recommended way to store users credentials iOS?
- What is un-secure about NSUserDefaults, is manual encryption safe?
- Save username-password with iOS Keychain Services., how and how much safe?
- Store NSUserDefault in keychain
- Converting NSUserDefaults to Keychain?