5

I am curious to know what is the difference between storing user credentials in NSUserDefaults and in iOS Keychain. As per I am using NSUserDefaults to store the username and password and access in throughout the app. I also read about keyChains, but I don't understand that which one is more better for security purpose?. Is UserDefaults is insecure for saving user credentials?.

Gourav Joshi
  • 2,419
  • 2
  • 27
  • 45
  • 1
    Safety. Keychain is more secured (like the Keychain.app on your Mac). Also NSUserDefaults should be empty when app is uninstalled/reinstalled. – Larme Sep 15 '17 at 09:37
  • 1
    Please do not store any information in NSuserDefaults. You are going to put a risk in app if you are saving credentials in NSUserDefault.If in case you want to store credentials then please use Keychain. I would suggest do not force to store credential to store in device unless you are not bound to do it. If you have to store then user Keychain. The most secure & trusted. – Gagan_iOS Sep 15 '17 at 09:37
  • Thanks for you comment, please provide any example or reference. I tried from my side but I don't understand the concept. – Gourav Joshi Sep 15 '17 at 09:40
  • 1
    @Larme That changed in iOS 10 I believe: now the keychain data too is deleted on uninstall. The original spec didn't mandate one way or the other, and it was just a widely known implementation detail I think. Now, Apple changed it so potentially confidential data doesn't hang around... – Nicolas Miari Sep 15 '17 at 09:46
  • You can check answer https://stackoverflow.com/a/46237575/7576100 – Jack Sep 15 '17 at 10:48

1 Answers1

0

UserDefaults is local and not secure. IOS KeyChain, can be passed through iCloud and requires the user has logged in.

iCyberPaul
  • 650
  • 4
  • 15