Question

As mentioned in the question, I'm trying to make an application that has no interaction with a server. The problem is that the user can use a password in some parts of the application, and that is where the problems start. The one problem that I really couldn't find much material about is how to implement a local forgot-password feature, which I think is essential.

Storing the password locally without any kind of encryption and then retrieving it when needed isn't an option for many reasons (the password is exposed to hackers, and anyone who gets their hands on the phone can retrieve it too).

Any ideas?

Solution

Don't know the specifics about Android, but in iOS I have done this using security questions stored in NSUserDefaults (an application-wide, non-encrypted datastore) and then keeping the password and the security answers in the encrypted keychain. When the questions have been answered, the user is prompted to change the password, which is then updated in the keychain.

I would think Android would have similar features and methods. I will know this answer better in about 6 months (I am making a commitment to learn Android next).
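
A sketch of the flow the answer describes, added here as an example and not the answerer's code: questions live in `UserDefaults`, the password and answers live in keychain generic-password items, and the password is only replaced after every answer matches. The service string, the `questionsKey` defaults key, the `"password"` / `"answer-N"` account names, the accessibility class and the answer normalization are all assumptions made for this example.

```swift
import Foundation
import Security
// Hypothetical identifiers for this example (not from the answer).
let service = "com.example.localauth", questionsKey = "securityQuestions"
enum KeychainError: Error { case status(OSStatus) }

func baseQuery(_ account: String) -> [String: Any] {
    [kSecClass as String: kSecClassGenericPassword,
     kSecAttrService as String: service, kSecAttrAccount as String: account]
}

/// Insert or overwrite one secret as a generic-password keychain item.
func keychainSet(_ value: String, account: String) throws {
    let attrs: [String: Any] = [kSecValueData as String: Data(value.utf8),
        kSecAttrAccessible as String: kSecAttrAccessibleWhenUnlockedThisDeviceOnly]
    var status = SecItemUpdate(baseQuery(account) as CFDictionary, attrs as CFDictionary)
    if status == errSecItemNotFound {
        status = SecItemAdd(baseQuery(account).merging(attrs) { $1 } as CFDictionary, nil)
    }
    guard status == errSecSuccess else { throw KeychainError.status(status) }
}

func keychainGet(account: String) -> String? {
    var query = baseQuery(account)
    var item: CFTypeRef?
    query[kSecReturnData as String] = true
    query[kSecMatchLimit as String] = kSecMatchLimitOne
    guard SecItemCopyMatching(query as CFDictionary, &item) == errSecSuccess,
          let data = item as? Data else { return nil }
    return String(data: data, encoding: .utf8)
}

// Assumed normalization so "  Rex " and "rex" count as the same answer.
func normalize(_ s: String) -> String { s.trimmingCharacters(in: .whitespacesAndNewlines).lowercased() }

/// Setup: questions go to UserDefaults (not secret), password and answers to the keychain.
func enroll(password: String, questions: [String], answers: [String]) throws {
    UserDefaults.standard.set(questions, forKey: questionsKey)
    try keychainSet(password, account: "password")
    for (i, a) in answers.enumerated() { try keychainSet(normalize(a), account: "answer-\(i)") }
}

/// Recovery: every answer must match before the new password replaces the old one.
func resetPassword(answers: [String], newPassword: String) throws -> Bool {
    let expected = UserDefaults.standard.stringArray(forKey: questionsKey)?.count ?? 0
    guard expected > 0, answers.count == expected else { return false }
    for (i, given) in answers.enumerated() {
        guard keychainGet(account: "answer-\(i)") == normalize(given) else { return false }
    }
    try keychainSet(newPassword, account: "password")
    return true
}
```

Recovery here never reads the old password back out; it only overwrites it, so the reset path does not display the stored secret. It fails closed when an answer item is missing from the keychain.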

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow