How secure is NSUserDefaults compared to KeyChain
I want to know storage security by letting say custom login information like username and passwords in NSUserDefaults.
When it comes to storing such information, everyone says NSUserDefaults is bad and KeyChan is the right way to go. But they never say why NSUserDefaults is bad.
Is there a security risk to store the password in NSUserDefaults?
Will it be available to "hackers" when using NSUserDefaults instead of KeyChain?
source to share
Both methods use a unique key / value approach and this is their only common point.
NSUserDefaults
does not use encryption and is part of your application's sandbox. Thus, it will be removed after the application is uninstalled.
KeyChain
, on the other hand, is encrypted and stored regardless of your application.
So, for storing sensitive data like Login / Password pairs or security certificates, you should absolutely use KeyChain
.
Apple provided a sample project here: https://developer.apple.com/library/content/samplecode/GenericKeychain/Introduction/Intro.html
And you can definitely write your own wrapper for ease of use.
source to share