User: Password:
Subscribe / Log in / New account

Password storage on Android devices

Password storage on Android devices

Posted Aug 10, 2011 13:47 UTC (Wed) by hpro (subscriber, #74751)
Parent article: Password storage on Android devices

Doesn't iOS since long have an encrypted keychain, where applications can only access data stored by itself, or other applications signed with the same key?

Adding some type of credentials storage would not be a security panacea, but would surely make it a lot easier for app developers which would not have to worry about reinventing the security wheel, which we know from experience, is guaranteed to generate lots of really bad (unsecure) solutions.

If such a feature was part of the Android API, then the underlying mechanism can be improved over time, so if encryption key hardware modules make it in to hansets, that would be used and so on. It would even be imaginable that you could have a completely different back-end for the credentials storage that stores your (encrypted) passwords in the cloud, and give the user the possibility of controlling system-wide the timeout for passwords, and so on.

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds