My iPhone App connects to a web service using a username and a password.
I prefer to save the credentials in the Application Preferences (settings bundle) like the Mail App. Is this secure enough? Is it possible to save those values to the keychain (via Application Preferences)?
Edit:
I want my users to enter their credentials in the Application Preferences of my App. Normally, I can retrieve this data in my app with NSUserDefaults. But Application Preferences saves the data as plain text and it's neither encrypted nor hashed. Is there a safe way? Eg. I know the keychain on the iPhone and I find it great! Can I use the keychain to hold the credentials entered in Application Preferences?
Food for thought: How does Apple do it? I mean, when I want to use the Mail App, I provide my username and password in the Application Preferences. Are those values stored as plaintext?
The credential store, sometimes called the user store or the authentication store, is where the actual user credentials are stored. There are two main types of authentication stores being used with IdPs today: databases and directory stores.
Did you check the keychain documentation? On the security, see this white paper by the Fraunhofer SIT institute.
Keychain Services will be required for secure storage. Using NSUserDefaults will not secure your data.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With