[Security login mobile app] Is it safe to save the password with the username?

Hello everybody,

I have a question about the security of my application. If I remember the login username and the password, so that when the user comes back they don't need to retype the information and go directly to the first page of the app, does this routine pose a security risk? Has anybody stopped at the same point and have other views? My point of view is that if the user accepts to save their information, all the risk is the user's... or not?

Thanks for all.

Solution

My advice is that you don't save THE password, but A password. By that I mean a token that is transferred when the user logs in and is valid for x days. Something big like a GUID.

The server can check if you have a valid user/token and you can disallow tokens from a different device.

Also, encrypt the local database.

https://success.outsystems.com/Documentation/11/Developing_an_Application/Secure_the_Application/Secure_the_Data_of_your_Mobile_Apps


Tip: maybe protect the app with a simple pin screen so that data isn't available for everyone that gets the device?
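Added example, not part of the original posts: a minimal server-side sketch of the token scheme described in the answer above (random token issued at login, valid for x days, rejected when presented from a different device). The class name `RememberMeStore`, the 30-day lifetime, the in-memory table and the `device_id` value sent by the app are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 30 * 24 * 3600  # "valid for x days": 30 is an assumed value


class RememberMeStore:
    """In-memory stand-in for the server-side token table (hypothetical)."""

    def __init__(self, ttl=TOKEN_TTL_SECONDS):
        self.ttl = ttl
        self._rows = {}  # (username, device_id) -> (sha256(token), expires_at)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).digest()

    def issue(self, username, device_id, now=None):
        """Call after a successful password login; returns the token the app stores."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 random bits, unrelated to the password
        # Only the hash is kept, so a leaked table does not yield usable tokens.
        self._rows[(username, device_id)] = (self._digest(token), now + self.ttl)
        return token

    def validate(self, username, device_id, token, now=None):
        """True only for an unexpired token presented by the device it was issued to."""
        now = time.time() if now is None else now
        row = self._rows.get((username, device_id))
        if row is None:
            return False  # unknown user, or token presented from another device
        stored, expires_at = row
        if now >= expires_at:
            del self._rows[(username, device_id)]  # expired: force a password login
            return False
        return hmac.compare_digest(stored, self._digest(token))

    def revoke(self, username, device_id):
        """Logout or lost device: the stored token stops working immediately."""
        self._rows.pop((username, device_id), None)


if __name__ == "__main__":
    store = RememberMeStore()
    t = store.issue("alice", "device-A")  # constructed sample values
    print(store.validate("alice", "device-A", t))
    print(store.validate("alice", "device-B", t))
```

On the device, the returned token (never the password) is what goes into the encrypted local storage; the password is only needed again once the token expires or is revoked.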

Solution

This routine (My advice is that you don't save THE password, but A password. By that I mean a token that is transferred when the user logs in and is valid for x days. Something big like a GUID. The server can check if you have a valid user/token and you can disallow tokens from a different device.) is already done in the application.

I liked your tip, it helped to open my mind to other aspects of security.

Thanks a lot Nuno.