How secure is NSUserDefaults compared to KeyChain

I want to know storage security by letting say custom login information like username and passwords in NSUserDefaults.

When it comes to storing such information, everyone says NSUserDefaults is bad and KeyChan is the right way to go. But they never say why NSUserDefaults is bad.

Is there a security risk to store the password in NSUserDefaults?

Will it be available to "hackers" when using NSUserDefaults instead of KeyChain?


source to share

2 answers

NSUserDefaults are stored in text format in the bundlename.plist file on the device. Anyone with access to the device can open or copy the file and read the information without encryption.



Both methods use a unique key / value approach and this is their only common point.


does not use encryption and is part of your application's sandbox. Thus, it will be removed after the application is uninstalled.


, on the other hand, is encrypted and stored regardless of your application.

So, for storing sensitive data like Login / Password pairs or security certificates, you should absolutely use KeyChain


Apple provided a sample project here:

And you can definitely write your own wrapper for ease of use.



All Articles