-3

I would like to add 4-pin password protection to my Android app, something like in the Evernote app. The user should have an option to enable or disable the password protection. But I have no idea where to start...

  1. Layout: I want four boxes that accept only numbers. Maybe using EditText is an option. But I'm not quite sure about the keypad.

  2. Password storage: Would using shared preferences work?

  3. How to add an option to reset the password? Should I make a small webservice for it? However, my application doesn't use the internet; it is more like a calculator. I'm using SQLite to store data.

    Could somebody brief the steps I should follow? My questions may be silly, but I'm completely new to Android and I'm helpless. Would appreciate your response. Thank you

Anjali
  • 2
    Search on _Google_ there are lots of 3rd party libraries available. – M D May 12 '15 at 05:17
  • I'm not an Android developer anymore (was a long time ago) but shared preferences, from a security standpoint, doesn't sound safe. I would go with something encrypted. The Android equivalent of the iOS Keychain. – JoshA May 12 '15 at 05:17
  • Yes, you can do it. Use shared preferences. When your app starts, check whether the user has enabled the 4-pin check or not. If it's enabled, then call the intent that shows the password entry screen. Check the password against the value in shared preferences. If it's equal, then go to your screen. If you want to reset the password, ask the user to verify his email ID or mobile number, then check it with your preference. – Rince Thomas May 12 '15 at 05:18
  • 1) Yes, you have to use EditText, and to hide the password set the type to password. 2) Shared preferences work for storing the password. 3) Yes, you have to use a webservice; with that, a random number will be returned as the response, the user can get that number via email and then reset it with your preference. – Ajay Pandya May 12 '15 at 05:19

2 Answers

-1

You just need two screens: one for setting the password, the other which opens every time the user opens the app.

  1. In the first screen, use four EditTexts horizontally with a custom background that will make them rectangular in shape (one example is this), and set the input type to "numberPassword"; this will open the number pad and accept passwords. Also limit the number of characters in each EditText to 1. Once the user is done entering a value in all EditTexts, combine them.

    String pass = editText1.getText().toString() + editText2.getText().toString()
            + editText3.getText().toString() + editText4.getText().toString();
    

And store it in SharedPreferences:

    SharedPreferences sp = getSharedPreferences("password", MODE_PRIVATE);
    sp.edit().putString("password", pass).apply();

  2. Make the same layout in the second screen, and when the user is done entering the value, again combine all four and check against the one you stored in SharedPreferences, e.g.:

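    // Combine the four digits and compare with the stored value
    String entered = editText1.getText().toString() + editText2.getText().toString()
            + editText3.getText().toString() + editText4.getText().toString();
    if (entered.equals(sp.getString("password", ""))) {
        // Intent to your main activity
    } else {
        Toast.makeText(getApplicationContext(), "Incorrect Password", Toast.LENGTH_LONG).show();
    }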
    
Prakhar
  • Anyone visiting this question in the future! In this answer the words "`pass`" and "`and`" appear blue like language keywords. Yes, they are keywords in `Python` and not in `Java`, but the StackOverflow site has assumed that they are keywords for this `Java` question. Do not be confused by the color; it will work. – Xenolion Oct 09 '17 at 08:29
-2

I don't like the answers above. You save the pin-string unencrypted with shared preferences; you should look for a method to encrypt the string and decrypt it every time you ask the user to enter it. Shared preferences are not safe; with physical access to the phone it's possible to read the pin out easily. What is the most appropriate way to store user settings in Android application

"The only area of concern here is what you're saving. Passwords are always a tricky thing to store, and I'd be particularly wary of storing them as clear text. The Android architecture is such that your application's SharedPreferences are sandboxed to prevent other applications from being able to access the values so there's some security there, but physical access to a phone could potentially allow access to the values."

I used BCrypt to save my pin securely. Simple to handle:

    String hashpw = BCrypt.hashpw(yourstring, BCrypt.gensalt());

Then save that string as usual in your shared preferences.

To verify/enter pin just make:

    if (BCrypt.checkpw(inputString, yourSharedPreference)) {
        // open app
    } else {
        // access denied toast
    }
Jones
  • You can [edit] your answer to improve it. And, `don't like` isn't very helpful. If you think another answer is incorrect, downvote it. And explain *why* it's wrong in your answer. – O. Jones Feb 21 '19 at 16:15