Storing passwords in iPhone applications

Question

I have a simple application, based of the "Utility Application" template. It retrieves a password-protected XML file (via NSXMLParser).

I want to allow the user to set a username and password in the "FlipsideView", how would I go about this?

I have the basics in place, the two UITextField boxes, the value of which gets set to a fixed value when the view loads (using the viewWillAppear method), and NSLog'd when the view is closed (the NSLog is just for testing, obviously, in the viewWillDisappear method)

How do I store the data? I've had a look at the Developer documentation, and it seems like I should be using NSUserDefaults..?

Answer 1

Aha, NSUserDefaults seems to work, and is simple to use, but isn't secure in the slightest:

password is the IBOutlet for the UITextField.

- (void)viewWillAppear:(BOOL)animated
{
    NSUserDefaults *prefs = [NSUserDefaults standardUserDefaults];
    NSString *pword = [prefs objectForKey:@"password"];
    password.text = uname;
}

- (void)viewWillDisappear:(BOOL)animated{
    NSUserDefaults *prefs = [NSUserDefaults standardUserDefaults];
    [prefs setObject:password.text forKey:@"password"];
}

The password is stored in plain-text in a plist, so it would be quite easy for someone else to access.. but this is useful for storing non-sensitive settings.

I ended up using this to store the username field, and stored the password using the SFHFKeychainUtils keychain code from August's answer.

Answer 2

This is exactly what Apple developed the Keychain for. Using Keychain, you can store your password in encrypted form. Take a look at Apple's GenericKeychain sample.

Answer 3

I agree with Ben. This is exactly what the Keychain is for.

I would not, under any circumstances simply store passwords in the defaults as dbr suggests. This is highly insecure. You're essentially storing your passwords in the open.

In addition to Apple's sample code, I also recommend Buzz Anderson's Keychain code: iPhone Keychain Code