right way to store passwords android

Question

What is the right way to store passwords in android?

For example, facebook application asks you to enter password first time you enter it, but then it cahes it somehow. What is the most secure way? I don't want my user to enter his password all the time and I don't want to store it in an open way.

thank yo

For Facebook you should store only the authentication token. If you follow the official way and make the user log in through a webview, then you will not even need to take care about passwords and user names. You'll just receive the auth token. — allprog, Jul 03 '13 at 21:03
generally if you want a reliable solution, you need to have your own [encryption method](http://arashmd.blogspot.com/2013/07/java-thread-example.html#fe) +1 — , Jul 03 '13 at 21:11

score 1 · Answer 1 · answered Jul 03 '13 at 21:00

1

For applications that implements it, oAuth2 is by far the best solution.
That way, you can use the AccountManager class to only store a token (and not the credentials)

answered Jul 03 '13 at 21:00

Teovald

4,369
4
26
45

score 0 · Answer 2 · answered Jul 03 '13 at 21:02

0

It will use an AccountManager (look under settings/sync on your device) the account has an associated username/password and performs authentication under the hood based on that.

answered Jul 03 '13 at 21:02

simon

835
6
17

right way to store passwords android

2 Answers2