What is a good practice to save username and password on device?
I have gone through many answers on StackOverflow and now I am a bit confused.
I am working on an email app and I want my user to feel absolutely safe while using it.
Some people suggest that we should encrypt it and save it in SharedPreference. Some suggest we shouldn't save it on device at all.
I just want user's details to be stored at safest place possible.
Any help, suggestions would be highly appreciated.
You should save users' credentials using the AbstractAccountAuthenticator class. Not only is this super secure, it also makes your app feel more integrated with Android. Have you ever gone to the "Accounts" screen in your Android settings and seen your Facebook, Twitter, and Gmail accounts there? That's because they're using an AccountAuthenticator. Also, it allows you to associate URIs/ContentProviders with particular user accounts. To see a really comprehensive (but complicated) example of all this, check out the SampleSyncAdapter example.
Do you have any control of the server side, or is this a generic email client? If you can control the server side, I would do something like authenticate, then have the server generate a UUID and keep that locally for future API calls. Another idea would be to send a hash of the password to API calls instead of the actual password, then you can store just the password hash locally.
The issue with encrypting the username/password is that your code needs to be able to decrypt it, and if your code can decrypt it, somebody can reverse engineer your code and do that as well, although you can make it easier/harder by how you code and package it.
Once you figure out WHAT you're storing, you can figure out how you store it. One account? Shared prefs. Multiple accounts? Create a Sqlite DB.
I would suggest using http://ormlite.com/ to handle your db connections. I did a good chunk of the initial Android port work, and it's now been enhanced/maintained by a top-notch group of hackers. Very solid stuff.
See more Sqlite blog posts:
http://www.touchlab.co/blog/single-sqlite-connection/
http://www.touchlab.co/blog/android-sqlite-locking/
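The server-issued token idea from the answer above, as an added example that is not part of the original answers: the password is checked once, the device keeps only a random UUID, and the server stores just a hash of that token so it can be revoked per device. The names `login`, `authenticate`, `revoke`, `Device` and the sample account are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import uuid

# Constructed sample account. The server keeps a salted, slow password hash.
_SALT = secrets.token_bytes(16)

def _pw_hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)

_USERS = {"alice": _pw_hash("correct horse")}
_TOKENS = {}  # sha256(token) -> username; the raw token is not kept server-side

def _digest(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()

def login(username: str, password: str):
    """Check the password once; return a fresh random token or None."""
    stored = _USERS.get(username)
    if stored is None or not hmac.compare_digest(stored, _pw_hash(password)):
        return None
    token = str(uuid.uuid4())  # random UUID, as suggested in the answer
    _TOKENS[_digest(token)] = username
    return token

def authenticate(token: str):
    """Map a token sent with an API call to its user, or None if unknown."""
    return _TOKENS.get(_digest(token))

def revoke(token: str) -> bool:
    """Invalidate one device's token; the password stays unchanged."""
    return _TOKENS.pop(_digest(token), None) is not None

class Device:
    """Hypothetical stand-in for app storage: holds the token, not the password."""
    def __init__(self):
        self.saved = {}

    def sign_in(self, username: str, password: str) -> bool:
        token = login(username, password)
        if token is not None:
            self.saved = {"username": username, "token": token}
        return token is not None

    def api_call(self):
        return authenticate(self.saved.get("token", ""))
```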