can I see saved password in iphone

Did some playing around with the app and password this weekend - created a new id and a pw and noticed that the password is again a Hex.

Now, what throws me off is when I logon to my a/c on the app, the iphone uses my touch/faceid and logs me on directly (i.e. does NOT populate the password field and waits for me to click on Continue!; i.e. it does NOT allow me to manually enter a password at all!!; and more importantly, it did not allow me to enter an user id!!!)

Adding this to what you said in your last reply, I infer the following:

1. When I bring up the app, it allows me to provide the touch id (does not allow me to provide userid etc),
2. Once I provide that touch, and iOS validates that, it provides the app with the stored hex pw.
3. The App then uses the stored pw and retrieves the actual pw from a local store, and sends that to the server for validation, without ever relinquishing control to me to ask me if I wanted to use that pw.
4. All this infra may have been built into the device, when I turned on 'touch id' capability on the app.

Why do this? What if I had multiple ids (as I'd not be able to circumvent the logon process - one device, one id!)? The app may do this because they are uncomfortable trusting apple with pws, and do not want to get into issues of assigning responsibility in case of a breach.

Again, appreciate your insight!

Thx for the quick response 🙏

i know the password’s not hex, and i copied the hex value to a ‘hex to text’ converter and the result was gibberish - my guess is that the password’s been encoded. Is there a way to look at the unencrypted value?

thx

I checked a couple of other entries and you are right, the passwords are visible!

But this site, the one with a hex password, I tried manually logging on with that hex password and the logon was rejected! But I’m able to login when i use the touch id!

Then, are the touch id passwords different from the passwords i see in the settings-password?

thx

I use google authenticator, but not for this app or webpage!

Are passwords for apps different from passwords for Safari website/pages?, and stores and maintained differently? Reason I ask, I have some apps on my phone that I can seamlessly sign onto, but I do not have that site or app in my list of passwords!

In my password options (under settings), I have checked icloud passwords and keychain. Does this mean that the passwords are stored on a keychain or a cloud? And if so, any idea how I can access them?

I think I am missing something basic or simple. Just dont know what that it is :-(

It looks like I am not going to be able do what I set out to: find the password saved somewhere on my phone for that app!

It appears like that the app developer may store the pw on my device either in local storage, OR on the passwords on the phone. OR maybe on the icloud key chain. I can see the password on my iphone in the latter two, but not in the first.

In addition, I think I may have discovered another approach, where the password is stored in an encrypted fashion - like the hex I brought up - this is probably encrypted either by the app, or maybe an iphone store pw option? (I know that the password is not hex!)

Anyways, thanks for your time - I will now reset the password on the app and go forward - appreciate your time !

Around 20+ characters!

Now, if this is an address in the app's local storage, then would that be in their cookies / cache? If so, then they would disappear when I clear cookies and cache - right? So, I cleared cookies and cache and the app still remembers the password!

I went ahead and changed the password on the website to something that I know remember to put an end to the mystery of the iphone password saga!

Appreciate your handholding through this journey! Have a good weekend sir

Got it!

Although quirky for me, your latest response made everything hang together in my mind.

The app is so "joint at the hips" with my user-id, that incorrect touch ids just stops the app from going forward. No option to provide id etc at a later point. And, likely, as you say, there is no password at all, and whatever that Hex code in the password is will stay a mystery, except for the app designer! ;-)

Once again, much obliged for your patience and willingness to share your knowledge!