Posts Tagged ‘Keychain’

The iPhone and HTTP Auth – How to save your password

Monday, August 4th, 2008

So you have an iPhone, but by now you’ve realized it doesn’t have a Keychain or any other sort of password management for web sites. While I can’t help with form based logins, there is hope when it comes to HTTP Authentication.

On the iPhone HTTP Auth login screens look like this:

The easiest way to get past those login prompts and store your password is to add it to the URL. I recognize this isn’t a new concept, but applying it to the iPhone might be to some. The format goes like this:

http(s)://username:password@www.example.com

If your username or password contains any non alphanumeric characters, in other words anything that isn’t A-Z and 0-9, then you must URL encode those characters. A common place this may occur is with cPanel based webmail where you have to use your full e-mail address as your login. In those cases enter in a + instead of an @. For example user@example.com becomes user+example.com as your login.

Once you’ve assembled the URL, bookmark it. I’ve found it to be the easiest to do this on the computer, then syncing it the iPhone. When on the iPhone you can go to the page and even add it to your home screen if you desire. While this doesn’t make up for true password storage, it does make it much easier to access sites protected by HTTP Auth.

In some instances this is the only way I can access some sites without being endlessly prompted for my login and password on the iPhone, no matter how accurate. This phenomenon has been observed by others as well.

The Disclaimer
Please recognize that you are storing your password in plain text, fully unencrypted. Your password is now as only safe as your bookmarks, and your iPhone. Normally in OS X your passwords are kept in a heavily encrypted database if you save them.

I can only hope that a full fledged Keychain will come to the iPhone, but for now this isn’t that bad of an alternative for sites that use HTTP auth.