Question

Developing an enterprise iOS 7 mobile application, currently the user gets authenticated using his credentials (username and password) against a dedicated server.

But we need to provide offline authentication as well, as network connectivity is a major issue.

So one way is:

  1. For the very first login, the user must be in online mode.
  2. The user gets authenticated.
  3. Cache the password hashes in the iOS app.
  4. If in offline mode, verify against the hash.

Is this approach fine? OR

  • Is it a better approach to just utilize the iOS Keychain functionality to store the password?

Solution

I would recommend using the KeyChain. It is a bit more difficult than storing it in your App folder, but it is a lot more secure.

The KeyChain will handle all of the encryption for you and will provide you with options on what will happen to your data when the device is restored, and let you place conditions on when the data is accessible (e.g. only for unlocked devices).

If you're developing more than one app you can use the KeyChain to share information between apps. One thing to keep in mind is that the KeyChain retains information even after app removal, unless you remove it.

An easy way to get started is to use CocoaPods in your project and do a search for KeyChain pods.

One question to you: do you really need to re-authenticate (offline) after the first login? If you do, it might be more user-friendly to ask for a PIN (which you can store in the KeyChain).
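An added example, not code from the question or from either answer, showing what steps 3 and 4 of the question look like when combined with the accepted answer's KeyChain advice, in Objective-C (the iOS 7-era API). It assumes the app has already completed one online login. In place of a plain "password hash" it derives a salted PBKDF2-HMAC-SHA256 verifier with CommonCrypto, so that an extracted item still has to be brute-forced rather than looked up, and it stores salt plus verifier in a generic-password item marked kSecAttrAccessibleWhenUnlockedThisDeviceOnly, which is the "only for unlocked devices" and "what happens on restore" control the answer refers to. The service name, the function names and the round count are placeholders chosen for this example.

```objective-c
// Added example (not from the original question or answers): cache an
// offline password verifier in the iOS Keychain. Assumes the user has already
// authenticated online once. Service name and round count are placeholders.
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#import <CommonCrypto/CommonCrypto.h>

static NSString * const kOfflineAuthService = @"com.example.app.offline-auth"; // placeholder
static const NSUInteger kSaltLength = 16;
static const NSUInteger kVerifierLength = 32;
static const uint32_t kPBKDF2Rounds = 100000;   // chosen for this example

// Derive a fixed-length verifier from the password with PBKDF2-HMAC-SHA256.
static NSData *DeriveVerifier(NSString *password, NSData *salt) {
    NSData *pw = [password dataUsingEncoding:NSUTF8StringEncoding];
    NSMutableData *out = [NSMutableData dataWithLength:kVerifierLength];
    int rc = CCKeyDerivationPBKDF(kCCPBKDF2,
                                  pw.bytes, pw.length,
                                  salt.bytes, salt.length,
                                  kCCPRFHmacAlgSHA256, kPBKDF2Rounds,
                                  out.mutableBytes, out.length);
    return rc == kCCSuccess ? out : nil;
}

// Base query for the generic-password item that holds salt || verifier.
static NSMutableDictionary *KeychainQuery(NSString *username) {
    return [@{(__bridge id)kSecClass:       (__bridge id)kSecClassGenericPassword,
              (__bridge id)kSecAttrService: kOfflineAuthService,
              (__bridge id)kSecAttrAccount: username} mutableCopy];
}

// Step 3 of the question: after a successful online login, store the
// verifier (never the password itself). The accessibility attribute makes the
// item readable only while the device is unlocked and keeps it out of
// backups that are restored to another device.
BOOL StoreOfflineVerifier(NSString *username, NSString *password) {
    NSMutableData *salt = [NSMutableData dataWithLength:kSaltLength];
    if (SecRandomCopyBytes(kSecRandomDefault, salt.length, salt.mutableBytes) != 0) return NO;
    NSData *verifier = DeriveVerifier(password, salt);
    if (!verifier) return NO;

    NSMutableData *record = [salt mutableCopy];
    [record appendData:verifier];

    NSMutableDictionary *query = KeychainQuery(username);
    SecItemDelete((__bridge CFDictionaryRef)query);   // replace any previous entry
    query[(__bridge id)kSecValueData] = record;
    query[(__bridge id)kSecAttrAccessible] =
        (__bridge id)kSecAttrAccessibleWhenUnlockedThisDeviceOnly;
    return SecItemAdd((__bridge CFDictionaryRef)query, NULL) == errSecSuccess;
}

// Step 4 of the question: the offline check. The comparison runs in constant
// time so the result does not leak how many verifier bytes matched.
BOOL VerifyOfflinePassword(NSString *username, NSString *password) {
    NSMutableDictionary *query = KeychainQuery(username);
    query[(__bridge id)kSecReturnData] = @YES;
    query[(__bridge id)kSecMatchLimit] = (__bridge id)kSecMatchLimitOne;

    CFTypeRef result = NULL;
    if (SecItemCopyMatching((__bridge CFDictionaryRef)query, &result) != errSecSuccess) return NO;
    NSData *record = CFBridgingRelease(result);
    if (record.length != kSaltLength + kVerifierLength) return NO;

    NSData *salt   = [record subdataWithRange:NSMakeRange(0, kSaltLength)];
    NSData *stored = [record subdataWithRange:NSMakeRange(kSaltLength, kVerifierLength)];
    NSData *candidate = DeriveVerifier(password, salt);
    if (!candidate) return NO;

    const uint8_t *a = stored.bytes, *b = candidate.bytes;
    uint8_t diff = 0;
    for (NSUInteger i = 0; i < kVerifierLength; i++) diff |= a[i] ^ b[i];
    return diff == 0;
}

// Call on logout or account removal: as the answer notes, the Keychain item
// outlives the app unless the app deletes it.
void RemoveOfflineVerifier(NSString *username) {
    SecItemDelete((__bridge CFDictionaryRef)KeychainQuery(username));
}
```

The same three functions serve the PIN alternative the answer suggests, with the PIN passed in place of the password. Because a short PIN has far less entropy than a password, an app that does this should also cap failed offline attempts (for instance by requiring an online login after a few failures) and should call RemoveOfflineVerifier on logout so the verifier does not linger after the account is gone.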

Other tips

Saving the information in the app is not secure, because if someone wants to hack your app there are ways to see the contents of the app package on the device. For example, saving information in a file created programmatically will turn into creating a file in the /Documents directory of your app. As for Keychain:

> Keychains are secure storage containers, which means that when the keychain is locked, no one can access its protected contents.

From the official Apple documentation https://developer.apple.com/library/mac/documentation/security/conceptual/keychainServConcepts/02concepts/concepts.html

So it's more secure to use Keychain

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow