Reputation: 181
I am building a Swift app that has user accounts. I need to keep their information (password) safe. I have read that using a salted hash for the password is safe, but I wanted to know if it is recommended to use this and store the hashed password in my iCloud Kit (my database)?
Upvotes: 1
Views: 1415
Reputation: 6705
The recommendation, if you need the original, should be to store passwords in the keychain. If you only need to store a hash for verification, salt it and store it as a SHA-256 hash (and keep the salt in the keychain, possibly the hash too).
If you need to put passwords in the database on an iOS device, and for whatever reason the Keychain won't work for you, you should use SQLCipher, and have the user enter the DB password to unlock it, rather than storing the DB key anywhere. If you go this route, use a key derivation function such as PBKDF2 on the user input.
Generally, assume that any password you store is a security issue. Try not to store them yourself at all.
Upvotes: 3
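As an added example (not code from the question or the answer): a salted verification record in Swift, derived with PBKDF2-HMAC-SHA256, the key derivation function the answer names, in place of a single SHA-256 pass. The type and function names, the 16-byte salt and the iteration count are assumptions; the `Codable` record is what would be encoded and placed in the keychain.

```swift
import Foundation
import CommonCrypto
import Security

// Verification record: never the password itself, only salt, cost and derived hash.
struct PasswordRecord: Codable {
    let salt: Data
    let iterations: UInt32
    let hash: Data
}

enum PasswordError: Error { case random(OSStatus), derivation(Int32) }

// PBKDF2-HMAC-SHA256 through CommonCrypto; returns `length` derived bytes.
func pbkdf2(_ password: String, salt: Data, iterations: UInt32, length: Int = 32) throws -> Data {
    var derived = [UInt8](repeating: 0, count: length)
    let saltBytes = [UInt8](salt)
    let status = CCKeyDerivationPBKDF(
        CCPBKDFAlgorithm(kCCPBKDF2), password, password.utf8.count,
        saltBytes, saltBytes.count,
        CCPseudoRandomAlgorithm(kCCPRFHmacAlgSHA256), iterations,
        &derived, length)
    guard status == Int32(kCCSuccess) else { throw PasswordError.derivation(status) }
    return Data(derived)
}

// Create a record with a fresh random salt for each user.
// The iteration count is an assumed value; tune it for the target devices.
func makeRecord(for password: String, iterations: UInt32 = 600_000) throws -> PasswordRecord {
    var salt = [UInt8](repeating: 0, count: 16)
    let rc = SecRandomCopyBytes(kSecRandomDefault, salt.count, &salt)
    guard rc == errSecSuccess else { throw PasswordError.random(rc) }
    let hash = try pbkdf2(password, salt: Data(salt), iterations: iterations)
    return PasswordRecord(salt: Data(salt), iterations: iterations, hash: hash)
}

// Recompute with the stored salt and cost, then compare without an early exit
// so the comparison time does not depend on where the first mismatch is.
func verify(_ candidate: String, against record: PasswordRecord) throws -> Bool {
    let hash = try pbkdf2(candidate, salt: record.salt,
                          iterations: record.iterations, length: record.hash.count)
    var diff: UInt8 = 0
    for (a, b) in zip(hash, record.hash) { diff |= a ^ b }
    return diff == 0
}
```

Storing the iteration count inside the record lets the cost be raised later without invalidating existing records.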