Tutorial: UITextField with secure text, but with no KeyChain access
In this short tutorial, I’d like to show you how to implement secured elements to UITextField, though a bit differently than usual. I mean, without accessing KeyChain and shared passwords in iOS (or even macOS).
What are TextFields?
TextFields are a great solution that enables entering and confirming passwords in apps. If you’re familiar with UITextField, then you probably know that it’s very easy to secure entered text in this class. All you need to do is add isSecureTextEntry to your delegate method.
For example:
let passwordTextField = UITextField()
passwordTextField.isSecureTextEntry = true
The above combination is useful not only when you want to hide a user-typed password behind „● ● ●”. This method also helps block copying or pasting strings inside the TextField input view. Let alone delegate functions for observing the typed text and so on.
Another method called textContentType
Already iOS 10 introduced a new method for TextFields called textContentType. This one allows to determine if your input is a password, location, name etc.
The problem with the isSecureTextEntry function is that it is connected with stored passwords in your device. I've found this recently when I was porting my iOS app to Catalyst (macOS). After having done it, iOS 13 displayed an unwanted shortcut to passwords. Similar stuff as in Safari, where you can access your internet passwords.
This little thing can be very annoying, but it’s very easy to avoid. If you want to block your secured UITextField from accessing stored passwords, just add the following line:
passwordTextField.textContentType = .oneTimeCode
Remember that this option comes from iOS 12. In iOS 11 or lower versions you should use some hacks:
passwordTextField.textContentType = .init(rawValue: "")
Not enough?
More information about accession and blocking KeyChain in your app can be found on Apple pages - for example about Restricting KeyChain Item Accessibility. That’s all, folks!
