Where to store sensitive data?


#1

In my app, I have to store the user’s account password. As far as I understand, there are no other alternatives but to use local storage. I’ve done some research and it seems that local storage is not completely secure yet.

I guess I could encrypt the password, but where would I store the encryption key?

Besides that, are there any other security best practices? Besides the obvious “send everything over HTTPS” one.


#2

Probably the best is to authenticate the user on a remote server, then use (and store) a JWT token in your app. See http://jwt.io


#3

+1 for using a JWT authentication token, then including it in the headers with every request to the private API and decoding it on the server.
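
The flow suggested in posts #2 and #3 (the app keeps a token instead of the password, sends it in a header with every request, and the server checks it), as an added example that is not code from any poster in this thread. It assumes Node.js, an HS256 token sent with the `Bearer` scheme, and a secret known only to the server; `signToken` and `verifyAuthHeader` are hypothetical names.

```javascript
// Added example: server-side check of an HS256 JWT taken from the Authorization header.
const { createHmac, timingSafeEqual } = require('node:crypto');

const b64url = (value) => Buffer.from(value).toString('base64url');

// Constructed helper so the example is self-contained; a real login endpoint would issue the token.
function signToken(claims, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(claims));
  const sig = createHmac('sha256', secret).update(`${head}.${body}`).digest('base64url');
  return `${head}.${body}.${sig}`;
}

// Returns the claims if the header carries a valid, unexpired token; otherwise null.
function verifyAuthHeader(authorization, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(authorization || '');
  if (!m) return null;
  const [, head, body, sig] = m;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(head, 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  } catch { return null; }
  // Pin the algorithm on the server: the token must not choose it (rejects "alg": "none").
  if (!header || header.alg !== 'HS256') return null;
  const expected = createHmac('sha256', secret).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  // Require an expiry: a short-lived token limits the damage if local storage is read.
  if (!claims || typeof claims.exp !== 'number' || claims.exp <= nowSec) return null;
  return claims;
}

// Constructed sample values, not real credentials.
const demoSecret = 'constructed-demo-secret';
const demoToken = signToken({ sub: 'user-1', exp: Math.floor(Date.now() / 1000) + 300 }, demoSecret);
console.log(verifyAuthHeader(`Bearer ${demoToken}`, demoSecret));
```

The signing secret stays on the server, so the only thing the app keeps in local storage is a token that expires, not the account password.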


#4

JWT is a nice solution, but let’s assume that I can’t change the backend APIs. It’s a simple basic auth. Any other ideas?


#5

If the data is not critical, store the encrypted password in the app; local storage is not completely secure but is enough for many apps. If you need a high grade of security, then change the backend API (or add a layer in the middle to manage JWT).


#6

Hi…
How can I encrypt my password? I am using local storage to store the password. Please reply soon, and if you have any example, please share it. Thanks.