What is the best way to use SharedPreferences to store a login / password or authorization token? I want to protect them at least a little from unauthorized access.

  • Put simply, you can store it in preferences, in the database, or somewhere else; the main thing is to encrypt it. Java has its own javax.crypto package, Android has its own Android Keystore system / there is another answer - pavlofff

1 answer

  1. The password cannot be stored
  2. If you decide to keep the password all the same, see item 1
  3. If you really, really want to, read below:

It is necessary to store:

 String hashString=hash(password+salt); 

Where:

salt - a random string generated by a cryptographically secure RNG

hash() - a cryptographically strong hash algorithm, preferably an iterated one, something like 100k iterations

It is necessary to store hashString and salt

  • No, the password is not for the application; it is the password to the server. Old legacy. No tokens. The user will enter it once, but then it needs to be remembered, because asking every time is not an option at all. I remembered that in a similar case we used a PIN and a symmetric algorithm; anything is better than nothing. I will need to look into working with the fingerprint scanner; so far I know nothing about it. - tse
  • Your answer, which pavlofff pointed out to me, is more on topic. - tse
  • In the specified context, the option in the old answer is more efficient, yes. Only what should be stored is not a password but a key / token - Barmaley
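
The salted, iterated hash scheme from the answer above, as an added example that is not part of the original thread. It assumes PBKDF2-HMAC-SHA256 from javax.crypto as the iterated hash() and runs on a plain JVM; the class name, method names and sample password are made up for the illustration.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PasswordHashExample {
    static final int ITERATIONS = 100_000; // "something like 100k iterations"
    static final int SALT_BYTES = 16;
    static final int HASH_BITS = 256;

    // Fresh random salt from a cryptographically secure RNG.
    static byte[] newSalt() {
        byte[] salt = new byte[SALT_BYTES];
        new SecureRandom().nextBytes(salt);
        return salt;
    }

    // PBKDF2 stands in for the answer's iterated hash(password + salt) (assumption).
    static byte[] hash(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, HASH_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // wipe the spec's internal copy of the password
        }
    }

    // Recompute with the stored salt and compare in constant time.
    static boolean verify(char[] attempt, byte[] salt, byte[] storedHash) throws Exception {
        return MessageDigest.isEqual(hash(attempt, salt), storedHash);
    }

    public static void main(String[] args) throws Exception {
        char[] password = "correct horse battery staple".toCharArray(); // constructed sample
        byte[] salt = newSalt();
        byte[] hashBytes = hash(password, salt);

        // Only these two values are persisted; the password itself never is.
        String saltString = Base64.getEncoder().encodeToString(salt);
        String hashString = Base64.getEncoder().encodeToString(hashBytes);
        System.out.println("stored salt: " + saltString);
        System.out.println("stored hashString: " + hashString);

        System.out.println("same password accepted: " + verify(password, salt, hashBytes));
        System.out.println("other password accepted: "
                + verify("wrong guess".toCharArray(), salt, hashBytes));
    }
}
```

The stored values let the app check a password but not recover it, which is why the comments above turn to keeping an encrypted key or token when the credential has to be sent to a server again.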