Reputation: 6206
How to handle plain-text passwords
I'm working on an app that uses a certain webapp's API. The API requiers the (plain-text) user password to be passed on each call. As I'm unfamiliar with password best-practices (especially on mobile devices), I'm wondering what would be the best way and place to store the user password in my iPhone app. Any help is greatly appreciated.
Upvotes: 1
Views: 543
Answers (3)
Reputation: 1470
i store my encrypted password in NSUserDefaults. However, plain text passwords shouldn't go here as per my previous answer.
Upvotes: -1
Reputation: 6875
If you're storing sensitive data, you should be using the keychain. The API is a pain to use, but there is some good sample code out there.
NSUserDefaults is easy to use but offers no encryption. If the user's iTunes backup isn't encrypted, you can just run strings on the right backup file to see your stored preferences in plaintext (I confirmed this last week). See this thread.
Upvotes: 5
Reputation: 73966
Don't use NSUserDefaults, secure storage of passwords is exactly what the keychain services are for.
Upvotes: 2
Related Questions
- What is the best way to deal with plain text passwords in Go
- Regular Expression For Password in iPhone?
- Techniques to encrypt Text on iPhone to send over network
- Using text replacement in a password field in iOS
- Regular Expression for password in iPhone
- What's best practice for submitting passwords over http in iOS?
- iPhone Authentication Password Encryption
- How to convert String into password(while entering the text)in UITextField
- password textfield on iPhone
- Storing a passwords in NSString without being readable in memory