Save username-password with NSUserDefault, how and how much safe?

Sefran2 picture Sefran2 · Mar 6, 2011 · Viewed 8.2k times · Source

I would save a couple of values (username-password) with NSUserDefault.

First: is there a way to save them together (like in an array for example)? Second: is it safe? or do I have encrypt the password in a some way?

Answer

Ferruccio picture Ferruccio · Mar 6, 2011

Encryption will give you some security. The problem is your program would also have to decrypt the password, which means it must have the key stored in it somewhere. This will make it vulnerable to reverse-engineering. A better approach is to use an one-way function (such as a hash) on the password and store that hash value. When a user enters a password, you then apply the one-way function to the password and compare the result to the stored value. In this manner, the password cannot be compromised (well, there's always a dictionary attack, but that's a matter of password strength).

Instead of using NSUserDefaults, you would be better off using iOS Keychain Services. It's main purpose is to securely store user credentials. Apple has already done all the hard work for you. Take advantage of it.