I want to know the safety when storing lets say user login information such as username and passwords in NSUserDefaults.
In questions regarding how to store such info everyone say NSUserDefaults is bad and KeyChan is the right way to go. But they never say WHY NSUserDefaults is bad.
Is it a security risk to store a password in NSUserDefaults?
Will it be accessible to "hackers" if using NSUserDefaults instead of KeyChain?
Both methods use a unique key/value approach, and that is their only common point.
NSUserDefaults uses no encryption and is part of your app's sandbox. Thus will be removed once the app is removed.
KeyChain on the other hand, is encrypted and persists independently of your app.
So for storing sensitive data such as Login/Password pairs, or security certificates, you should absolutely use KeyChain.
Here's an Apple provided sample project: https://developer.apple.com/library/content/samplecode/GenericKeychain/Introduction/Intro.html
And you can definitely write your own wrapper to simplify usage.
NSUserDefaults are stored in plain text within the bundlename.plist file on a device. Everyone with access to a device can open or copy the file and read the information without encryption.
