"Zero out" sensitive String data in Swift

Question

A user enters their password into a textField. I set an instance variable to this value:

let password = passwordTextField.text!

I want to ensure this data is not preserved anywhere, and so I want to "zero out" this data.

Is this as simple as setting it to nil when I am done? Or setting it to an empty string and then nil?

Answer 1

These are general UI security tips (From ios 7 programming cookbook written by Vandad Nahavandipoor)

• Ensure that all passwords and secure fields are entered, by the user, into instances of UITextField with their secureTextEntry properties set to YES.

• If the user is on a screen that contains personal information, such as the user’s credit card number or home address, set the hidden property of your app’s main window to YES in the applicationWillResignActive: method of your app delegate, and set the same property to NO (to show the window) in the applicationDidBecomeActive: app delegate method. This will ensure that the screenshot that iOS takes of your app’s UI when going to the background will not contain any of your window’s contents in it. This method is recommended by Apple.

• Ensure that you validate the user’s input in your text fields/views before sending them to a server. • Using the mechanisms that you’ve learned in this chapter, secure the user’s entry if you are storing it in files on disk or in the keychain.

• On screens where you accept a password or a numerical code for authentication, once the view controller is no longer on the screen, clear those password/code fields because the user won’t need them anymore. If you are not relinquishing ownership of those view controllers, their contents will stay in the memory. This includes the secure text field entries on those view controllers. It’s best to dispose of memory that contains sensitive information as soon as you are done with that data.

Answer 2

I don't think its possible to ensure there will be no trace of the data left on the system. As other answers suggested you could nil the variable but there is no guarantee the value is not saved in memory somewhere on the system.

I have heard of people storing sensitive data in char arrays but even then there is no guarantee it can be purged from memory, however it may be harder to track down the pieces of data if you use this method. I would however recommend not using this method in your particular case, because you would probably have to write your own UI elements as Alexander pointed out.