The iPhone and HTTP Auth – How to save your password

So you have an iPhone, but by now you’ve realized it doesn’t have a Keychain or any other sort of password management for web sites. While I can’t help with form based logins, there is hope when it comes to HTTP Authentication.

On the iPhone HTTP Auth login screens look like this:

The easiest way to get past those login prompts and store your password is to add it to the URL. I recognize this isn’t a new concept, but applying it to the iPhone might be to some. The format goes like this:


If your username or password contains any non alphanumeric characters, in other words anything that isn’t A-Z and 0-9, then you must URL encode those characters. A common place this may occur is with cPanel based webmail where you have to use your full e-mail address as your login. In those cases enter in a + instead of an @. For example [email protected] becomes as your login.

Once you’ve assembled the URL, bookmark it. I’ve found it to be the easiest to do this on the computer, then syncing it the iPhone. When on the iPhone you can go to the page and even add it to your home screen if you desire. While this doesn’t make up for true password storage, it does make it much easier to access sites protected by HTTP Auth.

In some instances this is the only way I can access some sites without being endlessly prompted for my login and password on the iPhone, no matter how accurate. This phenomenon has been observed by others as well.

The Disclaimer
Please recognize that you are storing your password in plain text, fully unencrypted. Your password is now as only safe as your bookmarks, and your iPhone. Normally in OS X your passwords are kept in a heavily encrypted database if you save them.

I can only hope that a full fledged Keychain will come to the iPhone, but for now this isn’t that bad of an alternative for sites that use HTTP auth.

3 Responses to “The iPhone and HTTP Auth – How to save your password”

  1. Scott says:

    iPhone OS 3.0 now allows for saved passwords, so this workaround isn't necessary but may still prove useful to some.

  2. Brian says:

    While iPhone os3 remembers most passwords, it does not do so for http authentication. A glaring oversight in my opinion

  3. Scott says:

    That's really weird. I just tried it out and it doesn't save the password. I guess this workaround still does apply. You'd think it's easier to save a HTTP Auth password then guessing a form based one.