How secure is NSUserDefaults compared to KeyChain

Question

How secure is NSUserDefaults compared to KeyChain

I want to know storage security by letting say custom login information like username and passwords in NSUserDefaults.

When it comes to storing such information, everyone says NSUserDefaults is bad and KeyChan is the right way to go. But they never say why NSUserDefaults is bad.

Is there a security risk to store the password in NSUserDefaults?

Will it be available to "hackers" when using NSUserDefaults instead of KeyChain?

+3

security ios passwords keychain nsuserdefaults

Arbitur Apr 22 At 13:06

source to share

2 answers

Thomson · Answer 1 · 2015-04-22T13:12:33+0000

NSUserDefaults are stored in text format in the bundlename.plist file on the device. Anyone with access to the device can open or copy the file and read the information without encryption.

Priest · Answer 2 · 2016-10-14T17:19:27+0000

Both methods use a unique key / value approach and this is their only common point.

NSUserDefaults

does not use encryption and is part of your application's sandbox. Thus, it will be removed after the application is uninstalled.

KeyChain

, on the other hand, is encrypted and stored regardless of your application.

So, for storing sensitive data like Login / Password pairs or security certificates, you should absolutely use KeyChain

.

Apple provided a sample project here: https://developer.apple.com/library/content/samplecode/GenericKeychain/Introduction/Intro.html

And you can definitely write your own wrapper for ease of use.

How secure is NSUserDefaults compared to KeyChain

More articles: