Core Data or NSUserDefaults to avoid manipulation of the user?

Question

What is the best way to save data (e.g. passwords) which the user can't manipulate or see? NSUserDefaults are getting saved in a file on the Mac which the user can manipulate and see. How about Core Data? Is this also saved in a file or is there a way that the user can see the Core Data?

use the keychain - https://developer.apple.com/library/mac/documentation/Security/Conceptual/keychainServConcepts/iPhoneTasks/iPhoneTasks.html — pds, Jul 20 '16 at 23:02
Yes, core-data files can be accessed easily. The best solution is to encrypt the data you need hidden. — john elemans, Jul 20 '16 at 23:02
there's a great wrapper for the keychain https://cocoapods.org/pods/SSKeychain — markedwardmurray, Jul 21 '16 at 07:01

score 12 · Accepted Answer · answered Jul 20 '16 at 23:04

NSUserDefaults definitely shouldn't be used to store passwords because it is stored in plain text. Core data can be encrypted, but it isn't by default. It stores all of its data in a SQLite database which is really easy to read. Passwords should be stored in the system Keychain. The keychain can be accessed with the Security Framework.

There are several libraries out there that make using the keychain much easier, eg: Locksmith or Valet.

score 1 · Answer 2 · edited May 23 '17 at 10:30

1

In addition to @esthepiking's suggestion to use Keychain, be aware that implementing your own encryption to store passwords might create obligations for you to provide more paperwork under the App Store's "Export Compliance" requirements. See this post.

edited May 23 '17 at 10:30

Community

1
1

answered Jul 21 '16 at 04:44

jp2g

682
4
8

score 0 · Answer 3 · answered Jul 21 '16 at 08:34

0

You can see this link to get the example to use ios Keychain Services to store and retrieve user name and password securely

answered Jul 21 '16 at 08:34

Saraswati

1,516
1
14
21

Core Data or NSUserDefaults to avoid manipulation of the user?

3 Answers3