
iOS 12 Password Tools: Improve User Security and Experience



Update Note: Lyndsey Scott updated this tutorial for iOS 12, Xcode 10, and Swift 4.2.

  • An app requires you to create a new iOS password, and you go on to enter your cat's name, as you've done with every site and app you've ever used.
  • You already have an account on a site when you download its app. Your credentials autofill on the web, but you can't remember them when you try to log in on mobile.
  • An app requires new iOS passwords to contain at least 99 characters, with at least one letter, five non-sequential numbers, and a large number of punctuation characters, except ! and *.
  • You keep leaving an app to check the text message with the two-step verification code it sent you, but can't seem to remember the random string of characters every time you return.

As a user, these kinds of scenarios can make you see exceptionally vibrant shades of red and maybe just as colorful shades of blue. :]

As a developer, handling iOS passwords is a balancing act: On the one hand, it's crucial to make the login process as easy as possible. Each password requirement you add increases the user's motivation to uninstall your app. At the same time, developers have a responsibility to help users stay safe. Hackers and abusers stage endless attacks on activists, celebrities and John Q. Public.

iOS Password Tools to the Rescue!

But don't be afraid! iOS Password AutoFill, Automatic Strong Passwords and Security Code AutoFill are all at your service!

In this tutorial, you will put these iOS 12 security tools in place, allowing users to:

  • Share and sync passwords between your site and app.
  • Save and update iOS passwords.
  • Auto-generate secure passwords.
  • Enter verification codes sent via text message without leaving the app.

Note: This tutorial requires you to have a paid iOS Developer Program membership.

Although this tutorial requires very little coding in the end, it assumes that you have some knowledge of Xcode and Terminal.

Get started

Download the materials for this tutorial using the Download Materials button found at the top and bottom of this page. Unzip the UltraMotivator files and open UltraMotivator-Start/UltraMotivator.xcodeproj in Xcode. Then build and run the starter app on your simulator.

  An overview of the startup login screen.
Login screen for startup project, login screen and login error.

Start on the login screen. Tap the Sign Up button at the bottom right to navigate to the registration page. Enter a username and password, and then tap Register. An error dialog should appear. In the app's current state, you can't log in yet because the app's back end doesn't exist yet.

Note: Even if you haven't specified text field content types, iOS can detect your fields as login-related. It does this by analyzing placeholders, user interface elements, and on-screen text. This means that, although iOS may automatically offer password autofill, strong password generation, or code autofill, this behavior is not guaranteed, so it's best to put these features in place explicitly.

Unfortunately, unauthenticated users can't access quotes upon request, so the starter app is quite uninspiring for now.

A Look At The Web Application

Return to Finder and navigate to UltraMotivator-Start ▸ Motivational-Server. This directory contains the server app you'll deploy to the Internet to get the iOS app up and running.

Like the iOS app, the server app is written in Swift, using Vapor, a modern web framework for Swift. While this tutorial won't cover the details of Vapor, check out our video course and book to learn more.

Take a moment to get a bird's eye view of the web app's structure. Most specifically, this includes:

  • Resources ▸ Views: Contains Vapor's Leaf files describing the web page templates.
  • Sources ▸ App: Contains the server application logic. This logic handles authentication and random motivational quotes.

For this tutorial, you'll deploy the server app to Heroku, as it provides a quick, easy and free solution. If you don't already have a Heroku account, register to create one at https://signup.heroku.com/. Note your password because you'll need it later.

Create a Heroku App

Go to https://dashboard.heroku.com and log in to Heroku.

In the upper right corner, click the button marked New, then select Create new app.

 Heroku New App Button

On the next screen, either enter a unique app name or leave the App Name field blank. Then select the deployment region.

 Heroku New App Screen

If you leave the App Name blank, Heroku will automatically generate a unique slug to identify the app for you. Whether you create a name or Heroku assigns you one, note your app name because you'll need it later when you configure your app. Click Create app.

After creating the app, Heroku redirects you to the app's page.

 Heroku Application Page

Select the Resources tab near the top of the page. Under the Add-ons section, enter postgre and you'll see a choice for Heroku Postgres; select this option.

 Heroku search for postgres

This will take you to another screen asking which type of database to provision.

 Heroku provisioning screen

Select the Hobby Dev – Free plan name. Click the Provision button, and Heroku will do the rest.

When done, the database appears under the Resources tab, indicating that your web app has been created.

 Heroku Resources tab

Get App Identifiers

Now that you have configured Heroku to host your web app, it's time to share Ultra Motivator's credentials between web and mobile. To do this, you must set up a two-way association between your iOS app and web server.

First, you need to make your iOS app identifiable and give it the necessary permissions. Sign in to Apple's Developer Portal. In the Member Center, select Certificates, Identifiers and Profiles.

 Overview of Owner Certificates, Identifiers, and Profiles

Go to Identifiers ▸ App IDs and select the Add button. Enter an App ID Description, then scroll down to App ID Suffix ▸ Explicit App ID and create a Bundle ID; this will be your App ID. Scroll down to the App Services section and enable the Associated Domains and AutoFill Credential Provider services.

 Apple App Services Options

Scroll down and click Continue to save. On the summary page, confirm that Associated Domains and AutoFill Credential Provider are both enabled. Then, scroll to the bottom and click Register.

  Apple: Summary of Changes

Note the Prefix in the app's header information, to the right of the ID icon. This is your Team ID.

Add App Identifiers to the Web Application (Local)

Now open Terminal and cd to UltraMotivator-Start/Motivational-Server. For example, if you unzipped the UltraMotivator files on your desktop, you can enter:

  cd ~/Desktop/UltraMotivator-Start/Motivational-Server

    This sets the Motivational-Server directory, which contains the server app, as your working directory.

    In Motivational-Server, create a Public directory and then a nested .well-known directory by entering the terminal command:

      mkdir -p Public/.well-known/

    Replacing <#Team Identifier#> with your Team ID and <#App Bundle ID#> with your App ID, enter the following:

      echo '{"webcredentials": {"apps": ["<#Team Identifier#>.<#App Bundle ID#>"]}}' > Public/.well-known/apple-app-site-association

    Note: The apps array may contain multiple "<#Team Identifier#>.<#App Bundle ID#>" strings. This allows you to set up two-way associations between multiple iOS apps and a single domain.

    It's important to use the exact filename apple-app-site-association, as iOS will look for a file with this exact name.

    Switch to Finder and navigate to UltraMotivator-Start/Motivational-Server/Public/.well-known/apple-app-site-association. If you can't see .well-known, use the shortcut Command + Shift + . to toggle hidden file visibility. Open the association file in a text editor to confirm that it contains the specified JSON.
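
A scripted version of that visual check, written as an added example rather than code from the tutorial's project: it reports malformed JSON, a missing webcredentials apps array and unreplaced placeholders in the association file text, and also checks the format of the Associated Domains entry that the app side of the association uses. The Team ID, bundle ID and domain are constructed sample values, and the ID patterns are assumptions.

```python
import json
import re

# Assumed shapes: a 10-character uppercase alphanumeric Team ID, then a
# reverse-DNS bundle ID made of letters, digits, hyphens and periods.
APP_ID = re.compile(r"^[A-Z0-9]{10}\.[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*$")
# Associated Domains entry: service prefix plus a bare host name.
ENTITLEMENT = re.compile(r"^webcredentials:(\*\.)?[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")


def check_association(raw, expected_app_id=None):
    """Return a list of problems in apple-app-site-association text."""
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as err:
        return [f"not valid JSON ({err.msg} at character {err.pos})"]
    creds = doc.get("webcredentials") if isinstance(doc, dict) else None
    apps = creds.get("apps") if isinstance(creds, dict) else None
    if not isinstance(apps, list) or not apps:
        return ['"webcredentials" must hold a non-empty "apps" array']
    problems = []
    for app in apps:
        if not isinstance(app, str):
            problems.append(f"app entry is not a string: {app!r}")
        elif "<#" in app:
            problems.append(f"placeholder not replaced: {app}")
        elif not APP_ID.match(app):
            problems.append(f"not in <Team ID>.<Bundle ID> form: {app}")
    if expected_app_id and expected_app_id not in apps:
        problems.append(f"{expected_app_id} is not listed")
    return problems


def check_entitlement(entry):
    """Return a list of problems in one Associated Domains entry."""
    if ENTITLEMENT.match(entry):
        return []
    if "://" in entry or "/" in entry:
        return ["use a bare domain: no scheme, path or trailing slash"]
    return ["expected webcredentials:<domain>"]


# Constructed sample values (not from the tutorial).
APP = "ABCDE12345.com.example.UltraMotivator"
GOOD = '{"webcredentials": {"apps": ["%s"]}}' % APP
# What the file looks like if the JSON is passed to echo without single
# quotes: the shell removes the inner double quotes.
UNQUOTED = "{webcredentials: {apps: [%s]}}" % APP
TEMPLATE = '{"webcredentials": {"apps": ["<#Team Identifier#>.<#App Bundle ID#>"]}}'

if __name__ == "__main__":
    for name, raw in [("good", GOOD), ("unquoted", UNQUOTED), ("template", TEMPLATE)]:
        print(name, check_association(raw, APP) or "ok")
    for entry in ["webcredentials:example.herokuapp.com",
                  "webcredentials:https://example.herokuapp.com/"]:
        print(entry, check_entitlement(entry) or "ok")
```
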

    Configure Heroku CLI

    Now that your mobile app identifiers are in place, upload them to your web app. To do this, you need help from Heroku's command line interface tool, the Heroku CLI.

    You must have Homebrew to install the Heroku CLI. If Homebrew isn't already installed on your computer, install it by entering the following in Terminal:

      /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

    Now you can install the Heroku CLI via Homebrew with the terminal command:

      brew install heroku/brew/heroku

    After installing the Heroku CLI, log in to your account by typing the following into your terminal:

      heroku login

    Then, type your Heroku credentials when prompted.

    After signing in, confirm that your login was successful by entering:

      heroku auth:whoami

    Confirm that whoami outputs the correct email address.

    Deploying the Server App

    Heroku will deploy your Vapor app via Git, so you must put your server app into a Git repository.

    In Terminal, confirm that Motivational-Server is still your working directory. To do this, enter the command pwd to print the full directory path. Then type these commands, replacing <your-heroku-app-name> with the Heroku app name that you noted earlier in the "Create a Heroku App" section of this tutorial:

      git init
      git add .
      git commit -m "steam server"
      heroku git:remote -a <your-heroku-app-name>

    With these commands, you've put your server app into a local Git repository and added your Heroku app as its remote.

    Heroku uses a buildpack to provide the recipe for building your app when you deploy it. Enter the following in Terminal:

      heroku buildpacks:set https://github.com/vapor-community/heroku-buildpack

    This sets the buildpack for your app.

    Finally, to deploy your app to Heroku, enter:

      git push heroku master

    This pushes your master branch to your Heroku remote. You'll have to wait several minutes as everything builds.

    Note: If Heroku's current stack version is incompatible with the community buildpack, the push will fail. The error message will tell you exactly what happened and how to fix it. For example, you might see a message telling you to type the command:

      heroku stack:set heroku-16 -a <your-heroku-app-name>

    Follow the instructions in the error message, then repeat the push command.

    Heroku usually starts your app automatically when it finishes building. But to be sure, start your app manually by entering:

      heroku ps:scale web=1

    To open your web app, enter heroku open. You can also find your web app URL listed in the Heroku dashboard under Settings ▸ Domains and Certificates.

     Display of the Heroku app running and showing a login screen

    Congratulations! You are now the proud owner of a website that is able to recognize your iOS app through the apple-app-site-association file. You can view your apple-app-site-association file at https://[your domain]/.well-known/apple-app-site-association. You have conquered the first half of your two-way association: take a moment to bask in the glory!

      iPhone enjoying a well-deserved iOS password party!
    Time for a well-deserved celebration!

    Completing the Two-Way Association

    OK, bub, that's enough basking! Now it's time to configure your iOS app to recognize your site, thus completing the two-way association. Before moving on, copy the Heroku app domain from the browser's location bar, as you'll need it in a moment.

    Open UltraMotivator in Xcode. Select your target at the top left of the Project Navigator and click the General tab.

     Xcode General Tab

    In the Identity section, set Bundle Identifier to your App ID. In the Signing section, check Automatically manage signing, then select the Team associated with the app. Xcode will now generate a provisioning profile and signing certificate. Any errors on the General page should now disappear.

    At the bottom of the page, add AuthenticationServices.framework to Linked Frameworks and Libraries. You need AuthenticationServices to integrate iOS password autofill.

     Xcode Linked Framework and Libraries

    Then click the Capabilities tab. Find the Associated Domains option and switch it ON to enable this feature.

     Xcode: Enable Associated Domains

    Now click + and add the Heroku app domain to the list using the following format:

      webcredentials:[your domain]

    Assuming that you've correctly configured your App ID's capabilities, checkmarks should appear under your listed domain. These checkmarks confirm that you have added the domain name to both your entitlements file and App ID.

     Xcode: Checks showing successful rights results

    You should now be able to see UltraMotivator.entitlements in the Project Navigator on the left. This entitlements file contains the data you just entered, wrapped in a property list.

     Xcode: Entitlements plist

    iOS checks this entitlements file against your code signing identity and provisioning profile.

    Back in Targets ▸ Capabilities, find AutoFill Credential Provider and switch it ON.

     Xcode: Autofill Credential Provider set to On

    Once again, checkmarks should appear, this time confirming that you have added the AutoFill Credential Provider capability to both your App ID and entitlements file. They also confirm that you have included AuthenticationServices.framework.

    Putting It All Together

    Phew! That was a lot of setup! Happily, now it's time to connect everything up.

    Return to UltraMotivator.xcodeproj in Xcode, open API.swift and find the following code on line 46:

      static let baseURL = URL(string: "https://[your domain]")

    Replace "[your domain]" with the Heroku app domain that you copied and used earlier.

    Note: When using Heroku, your domain will probably follow the format [your app name].herokuapp.com

    API.swift contains API calls that communicate with the server app on your domain. These calls handle user login, registration, logout, password changes and random generation of motivational quotes. Most of these calls are already integrated into the iOS app. Now that you've added your domain, authentication should work as intended.

    Next, add iOS password autofill, strong password generation, and security code autofill in Interface Builder. Open Main.storyboard to get started.

    Select the Username field in the Login View Controller scene. Open the Attributes Inspector tab in the right Inspector pane. Find Text Input Traits and set Content Type to Username.

     Interface Builder: Setting the Content Type to Username

    Now select the Password field and set its Content Type to Password.

    Similarly, in the registration view controller scene, change the Username field's Content Type to Username. Then change the New Password field's Content Type to New Password, so that this field will now autofill a strong password suggestion.

    Finally, open OneTimeCodeViewController.swift. Insert the following on line 42:

      oneTimeCodeField.textContentType = .oneTimeCode

    With textContentType set to .oneTimeCode, when iOS detects a security code in an incoming message while the user is viewing this two-factor authentication screen, the QuickType bar above the keyboard offers to autofill the code. The user can then enter the code with a single tap without leaving the app.

    Customize iOS Password AutoFill Rules

    You're almost there. Before you take the final steps, take a quick detour to learn about iOS Password AutoFill rules.

    Apple's default suggested password is 20 characters long and must contain all of the following character types: uppercase letters, lowercase letters, numbers, and hyphens. This provides a strong password that is compatible with most web services.

    In some cases, you may need or want to set custom rules for the suggested iOS password. You can add these custom rules to the Password Rule property of any field whose content type is set to New Password.

     Interface Builder: New iOS Password and Password Rule Fields

    iOS Password AutoFill rules use the following format:

      required: (<identifier> | <character-class>), ..., (<identifier> | <character-class>);
      allowed: (<identifier> | <character-class>), ..., (<identifier> | <character-class>);
      max-consecutive: <positive integer>;

    They use these keywords:

    • required: Use required if the generated password must contain at least one member of the specified character class. To combine character classes, separate them with commas. For example, required: X, Y is equivalent to required: [XY], where X and Y represent character classes.
    • allowed: Use allowed to restrict the password to a subset of allowed characters. If you include required but not allowed, the password can only contain the required characters. If you include allowed but not required, the password can only contain the characters you have explicitly allowed. If you specify neither required nor allowed, the password may contain any ASCII printable characters.
    • max-consecutive: Follow max-consecutive with a positive integer to limit the number of times a character can appear consecutively.
    • minlength: Follow minlength with a positive integer to set the minimum password length.
    • maxlength: Follow maxlength with a positive integer to set the maximum password length.

    You must use allowed and required with these character class identifiers:

    • upper: Represents uppercase letters A - Z.
    • lower: Represents lowercase letters a - z.
    • digit: Represents numbers 0 - 9.
    • special: Includes punctuation such as - ( ) . & @ ? and space.
    • ascii-printable: Includes all printable ASCII characters.
    • unicode: Includes all Unicode characters.
    • Or specify a custom character class by listing the ASCII characters you want to include within square brackets. For example, allowed: [a1,-] allows the characters "a", "1", "," and "-".

    A Super Fun Happy Quiz? Oh, Boy!

    Think you've got the hang of it? Try your hand at the following exercise. For each password rule, determine whether Password AutoFill could generate passwords A, B, C and/or D. Each answer may consist of none, some or all of the options:

    1. required: upper, digit; maxlength: 5; max-consecutive: 1;

      A. JEMSP
      B. 43jKL
      C. 39LS2
      D. 92JJK

      Answer: Password rule #1 can generate passwords A and C.

    2. required: lower; required: digit, [$#@]; allowed: upper; minlength: 9; max-consecutive: 2;

      A.
      B. Ys2jUJaaauREV
      C. Js13&Lk2ja
      D. 29mn$#ki@nd

      Answer: Password rule #2 can generate passwords A and D.

    3. required: lower, special; required: digit, upper; allowed: unicode;

      A. I❤️U
      B. aJEK24
      C. 30 👩💻3420
      D. 3 0 4 2

      Answer: Password rule #3 can generate passwords B, C and D.

    Congratulations on getting through that exercise! That said, according to Apple:

    The more restrictions you have on a password, the greater the likelihood that it can be guessed. The most difficult-to-guess password rule is allowed: unicode. No password rule at all creates the second most difficult-to-guess passwords.

    Remember the complicated passwords you just carefully analyzed? As a general rule, you'll want to avoid them whenever you can!

    Add Custom Password Rules for Use

    That said, you took this quick detour for a very good reason. When you integrate with an existing web service, there's a good chance you'll need to use iOS password rules to match the specific password requirements that the service imposes.

    To test this, pretend that your site has the following password requirements:

      1. Cannot contain special characters.
      2. Must be at least 12 characters long.
      3. Requires an uppercase letter.

        To fulfill these requirements, open Main.storyboard. Select the New Password field in the registration view controller scene, then copy and paste this password rule into the New Password field's Password Rule field:

          required: upper;
          allowed: lower, digit;
          minlength: 12;
          maxlength: 20;
          max-consecutive: 3;


        This rule requires at least one uppercase letter and also allows lowercase letters and numbers. It generates a password 12 to 20 characters long and prevents any character from appearing more than three times in a row.

        As you go on to implement your own iOS Password AutoFill rules, you can verify that they work as intended by entering them into Apple's Password Rules Validation Tool. There you can review a few hundred or even ten thousand generated passwords to make sure the rules produce the results you need.
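
To check candidate passwords against a rule offline, for instance when confirming that the server-side policy and the app's Password Rule agree, here is a small checker for the rule format described above. It is an added example, not part of the tutorial's project or Apple's tool; it goes beyond the one rule used here to cover the other keywords and character classes, and the membership of the special class and the handling of repeated properties are assumptions.

```python
import re
import string
from itertools import groupby

# Named character classes. The membership of "special" is an assumption of
# this sketch (ASCII punctuation plus space); align it with your service.
NAMED = {
    "upper": set(string.ascii_uppercase),
    "lower": set(string.ascii_lowercase),
    "digit": set(string.digits),
    "special": set("-~!@#$%^&*_+=`|(){}[:;\"'<>,.?] "),
    "ascii-printable": {chr(c) for c in range(0x20, 0x7F)},
}
PROP = re.compile(r"\s*([A-Za-z-]+)\s*:\s*((?:\[[^\]]*\]|[^;\[\]])*)(?:;|$)")
CLASS = re.compile(r"\[([^\]]*)\]|([a-z-]+)")

def parse_classes(value):
    """Union of comma-separated classes -> (characters, matches_any_unicode)."""
    chars, any_unicode = set(), False
    for custom, name in CLASS.findall(value):
        if name == "unicode":
            any_unicode = True
        elif name:
            if name not in NAMED:
                raise ValueError(f"unknown character class: {name}")
            chars |= NAMED[name]
        else:
            chars |= set(custom)  # custom class such as [a1,-]
    return chars, any_unicode

def parse_rules(descriptor):
    """Parse 'key: value;' properties; repeated limits keep the stricter value."""
    rules = {"required": [], "allowed": [], "minlength": 0,
             "maxlength": None, "max-consecutive": None}
    text, pos = descriptor.strip(), 0
    while pos < len(text):
        m = PROP.match(text, pos)
        if not m:
            raise ValueError(f"cannot parse rule near: {text[pos:]!r}")
        key, value, pos = m.group(1).lower(), m.group(2).strip(), m.end()
        if key in ("required", "allowed"):
            rules[key].append(parse_classes(value))
        elif key == "minlength":
            rules[key] = max(rules[key], int(value))
        elif key in ("maxlength", "max-consecutive"):
            limit = int(value)
            rules[key] = limit if rules[key] is None else min(rules[key], limit)
        else:
            raise ValueError(f"unknown property: {key}")
    return rules

def violations(descriptor, password):
    """Return the names of the rules a password breaks (empty list = conforms)."""
    rules = parse_rules(descriptor)
    classes = rules["required"] + rules["allowed"]
    if not classes:  # neither property given: any printable ASCII character
        classes = [(NAMED["ascii-printable"], False)]
    permitted = set().union(*(chars for chars, _ in classes))
    any_unicode = any(flag for _, flag in classes)
    found = []
    if not any_unicode and any(ch not in permitted for ch in password):
        found.append("charset")
    if any(not any(flag or ch in chars for ch in password)
           for chars, flag in rules["required"]):
        found.append("required")
    if len(password) < rules["minlength"]:
        found.append("minlength")
    if rules["maxlength"] is not None and len(password) > rules["maxlength"]:
        found.append("maxlength")
    longest = max((len(list(run)) for _, run in groupby(password)), default=0)
    if rules["max-consecutive"] is not None and longest > rules["max-consecutive"]:
        found.append("max-consecutive")
    return found

# The custom rule from this tutorial.
RULE = ("required: upper; allowed: lower, digit; "
        "minlength: 12; maxlength: 20; max-consecutive: 3;")
# First two: passwords from this tutorial's Keychain Access step; rest constructed.
SAMPLES = ["rehnep0xasravezpUg", "Qyddehziwzek2syhda", "shortPass1",
           "alllowercase123", "Passw0rd-with-hyphen", "Aaaaa1bcdefgh"]
if __name__ == "__main__":
    for pw in SAMPLES:
        print(f"{pw:22} {violations(RULE, pw) or 'conforms'}")
```
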

        Take it for a spin

        You have now configured authentication, strong password autofill, security code autofill and custom iOS password rules. Build and run your iOS app to test everything on a physical iOS device; iOS Password AutoFill doesn't work on a simulator.

        Tap Register at the bottom right of the login page to navigate to the registration view.

        The username field's keyboard type is "Email Address", so while the username field is the first responder, the QuickType bar may suggest email addresses that you've used to log in to other services. This is because iOS recognizes this particular field as a username field.

        After entering a username, select the password field. It should autofill with a strong password that matches the rules you entered in the field's Password Rule. Tap Use Strong Password to accept the suggestion, and then tap Sign up. An alert will appear to let you know whether you have registered.

         iOS: Successful login.

        If you see the above alert, congratulations! You have registered a new account. Tap OK and the registration view will dismiss, returning you to the login view.

        Save your passwords

        There's only one last piece of the puzzle: automatically saving your newly created credentials. As it turns out, for iOS to recognize that it needs to save a new set of credentials, you must:

        1. Remove your username and password fields from the view hierarchy after signing up.
        2. Only clear the username and password fields after they are no longer in the view hierarchy.

        Since your registration view is dismissed completely without clearing any fields, it already meets these requirements. Great! But how do you prevent your keychain from storing credentials from a failed or incomplete login attempt? Good question!

        Open SignupViewController.swift, scroll down to viewWillDisappear(_:) and find this bit of code:

          // No token: sign-up did not complete, so clear the fields before the view goes away.
          if API.token == nil {
            usernameField.text = nil
            passwordField.text = nil
          } else {
            // Sign-up succeeded: leave the field text intact so iOS can save it.
            API.logout()
          }

        Here's what this code does:

        When a user signs up, the server returns a token. UltraMotivator's API.swift class saves this in the variable API.token.

        If API.token is nil when the user navigates back to the login view, the registration action was not completed. In this case, set the text fields to nil before the view leaves the view hierarchy, i.e. in viewWillDisappear(_:). This prevents these invalid credentials from being stored in the user's keychain.

        If API.token is not nil, the registration action is complete. In this case, you log out and leave the field text intact. iOS will automatically save these credentials to the user's keychain.

        Check Under the Hood

        To confirm that your iOS password rules work, run the app on your iOS device (not a simulator) and sign up with a few different usernames. Open Keychain Access on your Mac. Select the Passwords category and then search your login passwords for your web app.

         Keychain Access: iOS password stored for UltraMotivator

        To view the password associated with any of your usernames, select it and click View Password. Enter your keychain/computer password when prompted, and the password will be displayed.

         Keychain Access: Revealing a stored iOS password

        According to my keychain, my usernames' corresponding passwords are "rehnep0xasravezpUg", "Qyddehziwzek2syhda" and "Qyddehziwzek2syhda." All three of these comply with the custom password rules defined for the app.

        To confirm that credentials are not saved when they shouldn't be, enter a username and password, but tap the Back button without signing up. Check Keychain Access's login passwords again to confirm that iOS did not save these invalid credentials to the keychain.

        Once you're satisfied that your credentials are being saved as intended, return to your iOS device and try to log in to the app. Start typing your username. Your username(s) should appear in the QuickType bar, either automatically or after you tap the key symbol on the right side. Select your username and authorize keychain access using Touch ID, Face ID or your device passcode when prompted. Your iOS password and username will autofill accordingly.

        Images showing successful login into UltraMotivator

        Submit those credentials and you should now see a two-step authentication screen:

        UltraMotivator: 2-step authentication screen

        Since two-step authentication is not set up on the back end, don’t wait for a code to automatically come through: You’ll have to test this feature manually.

        To determine whether or not a text message contains a security code, iOS scans incoming texts for words like “code” or “passcode” alongside a code string. So, to test this feature, keep Ultra Motivator open and text yourself via Apple’s desktop Messages app. Send yourself a code: “Your code is 1234.” The QuickType bar should then present you with the option to autofill “1234” into the code field.

        UltraMotivator: The QuickType bar presenting a 2-step authentication code

        Note: iOS can recognize words equivalent to “code” or “passcode” in all supported iOS languages.

        Tap Submit to display the Motivational view controller.

        UltraMotivator, displaying a random motivational code

        Password Ninja Enlightenment Attained!

        Mighty congratulations! You, my friend, are a true and noble Ninja Password Warrior, of the order Geekii Securitus Extremicus!!! (Electronic pocket protector not included.)


        Take a moment to get thoroughly inspired by your random motivational quote, then open Safari on your iOS device. Navigate to your login web page by replacing “[domain name]” with your actual domain in the following URL:

        https://[domain name]/login
        

        Upon tapping the Username field, your web page should present you with the same credentials that you saved during sign up in your iOS app.

        The web app login page, with Safari offering to enter the iOS password and username entered into the app

        Likewise, if you create a new account via Safari at https://[domain name]/register and return to the iOS app to login, those credentials should autofill.

        Where to Go From Here?

        Whew! That was a lot of work, but you’ve achieved a lot for your efforts. You’ve now implemented iOS password autofill, generation and synchronization. The login action to your app is now secure, easy to use and integrated directly with your website!

        If you haven’t already done so, download the tutorial materials using the Download Materials button at the bottom or top of this tutorial. Look through the final project to see how it compares to your version.

        Check out WWDC 2017’s Introducing Password AutoFill for Apps video and WWDC 2018’s Automatic Strong Passwords and Security Code AutoFill video to gain a broader understanding of the features you just implemented.

        Have any questions, comments or suggestions? Join the forum discussion below!

