NSUserDefaults or keychain is better to save username and password in iPhone app

Asked 21/9, 2012 at 6:43 Answered 12/5, 2015 at 8:53

In my iphone app there is some confidential data like username, password and some urls to a webservice. Which one is better NSUserdefaults or keychain. Somebody says NSUserdefaults is insecure. Why it is insecure? and can any one give the pros and cons of each one.

Knead answered 21/9, 2012 at 6:43 Comment(0)

NSUserDefaults is quite easy to use and stores one value per key only. But apparently, it is not a very secure method, as there is no encryption.

But the Keychain is secure, though it is a bit hard to code. You can refer these link to use keychain access.

http://log.scifihifi.com/post/55837387/simple-iphone-keychain-code

you can also use this library deviced by Simon

https://github.com/goosoftware/GSKeychain

I hope it helps you!!

Injury answered 21/9, 2012 at 6:51 Comment(1)

Simon's github library is here now: https://github.com/sumanthk2006/GSKeychain – Pasteurizer 28/6, 2022 at 14:43

It may be useful to notice that Keychain data will be persisted even if you app is deleted, but NSUserDefaults data will go away with the app (NSUserDefaults is part of the app sandbox, Keychain is an app-independent service).

Deutschland answered 12/5, 2015 at 8:53 Comment(0)

Anything stored in NSUserDefaults can be (relatively) easily opened and read, whether on the device or in a (non-encrypted) backup to iCloud or to a sync'd Mac.

Keychain, on the other hand, is meant for stuff like certificates and passwords. I've linked an article titled "How Not To Store Passwords in iOS" which gives a bit more useful detail, as well.

Waisted answered 21/9, 2012 at 6:47 Comment(0)

Keychain is way better solution, because it is more secure, but anyway, if you would save this kind of information into the NSUserDefaults, your users wouldn't feel any different. If someone would hack their device, they could get information from Keychain, the same as they would get information from UserDefaults. So this question of security is rhetoric. But anyway, the good programming style is to save this data into the Keychain!

Stylopodium answered 21/9, 2012 at 6:47 Comment(0)

I would recommend you to use Keychains. Using Keychain, you can store your password in encrypted form. Take a look at Apple's GenericKeychain sample.

NSUserDefaults is a little less secure when compared with Keychain. In NSUserDefaults data can accessed easily if the specific key is known. This is not the case in Keychain.

You can also convert NSUserDefaults to Keychains. Take a look here.

Tuberosity answered 21/9, 2012 at 6:52 Comment(1)

In NSUserDefaults data can accessed easily if the specific key is known. This is not the case in Keychain. What do you mean by this? – Fishbolt 7/12, 2016 at 20:38

Recommended topics

Hot tags