Storing passwords in iPhone applications

Question

I have a simple application, based of the \"Utility Application\" template. It retrieves a password-protected XML file (via NSXMLParser).

I want to allow the user to

Answer 1

I agree with Ben. This is exactly what the Keychain is for.

I would not, under any circumstances simply store passwords in the defaults as dbr suggests. This is highly insecure. You're essentially storing your passwords in the open.

In addition to Apple's sample code, I also recommend Buzz Anderson's Keychain code: iPhone Keychain Code

Answer 2

This is exactly what Apple developed the Keychain for. Using Keychain, you can store your password in encrypted form. Take a look at Apple's GenericKeychain sample.

Answer 3

Aha, NSUserDefaults seems to work, and is simple to use, but isn't secure in the slightest:

password is the IBOutlet for the UITextField.

- (void)viewWillAppear:(BOOL)animated
{
    NSUserDefaults *prefs = [NSUserDefaults standardUserDefaults];
    NSString *pword = [prefs objectForKey:@"password"];
    password.text = uname;
}

- (void)viewWillDisappear:(BOOL)animated{
    NSUserDefaults *prefs = [NSUserDefaults standardUserDefaults];
    [prefs setObject:password.text forKey:@"password"];
}

The password is stored in plain-text in a plist, so it would be quite easy for someone else to access.. but this is useful for storing non-sensitive settings.

I ended up using this to store the username field, and stored the password using the SFHFKeychainUtils keychain code from August's answer.