Storing authentication tokens on iOS - NSUserDefaults vs Keychain?

ios objective-c api nsuserdefaults keychain
Doug Smith picture Doug Smith · May 28, 2013 · Viewed 29.8k times · Source

Which is the place I should be storing tokens for when the user logins in to a service? I'm not saving passwords (obviously where I'd use the Keychain) but just the token. A lot of places say just use NSUserDefaults but some people on StackOverflow seem really keen on the Keychain.

Is NSUserDefaults fine?

Answer

lxt picture lxt · May 28, 2013

I would highly recommend you use the keychain - it's exactly what Facebook do for storing their session tokens.

NSUserDefaults is not secure or encrypted - it can be easily opened and read, both on device and when synced to a Mac. So whilst user defaults is a good place for things like preferences and config info, it's not a good place for anything sensitive, like passwords.

Session tokens should almost always treated the same as passwords, so you should store them securely in the keychain, where they'll be encrypted. Apple have some sample code (GenericKeychain) that shows a basic implementation, and you'll find other examples by searching StackOverflow. Hope that's helped you out.

Related questions

How to link to apps on the app store

I am creating a free version of my iPhone game. I want to have a button inside the free version that takes people to the paid version in the app store. If I use a standard link http://itunes.apple.…

Read More
How can I make a UITextField move up when the keyboard is present - on starting to edit?

With the iOS SDK: I have a UIView with UITextFields that bring up a keyboard. I need it to be able to: Allow scrolling of the contents of the UIScrollView to see the other text fields once the keyboard is …

Read More
How do I check if a string contains another string in Objective-C?

How can I check if a string (NSString) contains another smaller string? I was hoping for something like: NSString *string = @"hello bla bla"; NSLog(@"%d",[string containsSubstring:@"hello"]); But the closest I could find was: if ([string rangeOfString:@"hello"] == 0) { NSLog(@"…

Read More