Problem
Volunteering as a Community First Responder, I have access to certain web-based map tools which are used to help locate patient addresses during an emergency. These tools are password protected to prevent unauthorised use; however, the username and password are complex (as you would expect) and not easy to remember. Moreover, when the pager goes off, time is critical. As such, looking up and entering long passwords isn’t ideal.
Background
The particular tool that I want to gain quick access to is web-based, with a popup asking for username and password. I need a simple way to launch the web page and log in automatically. The webpage will be launched on my iPhone, which is locked using the Apple Secure ID. As a result, storing the password locally is less of a concern as the device is already secured. Not “best practice”, but an appropriate compromise for speed of use vs security.
Here is a sample popup showing the type of authentication required. This is a test page (http://172.20.120.47); however, the same thing would work for your web application (e.g. https://mysite.co.uk).
Solution
A really simple way to solve this is to add the username and password into the URL string. When you open the URL, the browser automatically fills in the username and password for the login popup. Using the sample data below:
- Username: FRED
- Password: SECURE
- URL: https://testing.co.uk
The string would be:
https://<username>:<password>@<url>
https://fred:secure@testing.co.uk
Once this has been entered into Safari on the iPhone, the webpage can be saved to the home screen, allowing the application to be quickly launched with an automated login.
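An added example (not part of the original post): a complex password is likely to contain characters such as @, : or /, which must be percent-encoded or the browser will split the URL in the wrong place. The sketch below builds the URL with the standard JavaScript URL API and also strips the credentials again before the URL is logged or shared. The function names and the sample password are made up for illustration, and the https-only check is this example's own choice.

```javascript
// Added example: build and redact "user:password@host" URLs with the WHATWG URL API.
// All function names and sample values are constructed for illustration.

// Build https://<username>:<password>@<host>/ with reserved characters escaped.
function buildCredentialUrl(base, username, password) {
  const url = new URL(base);
  if (url.protocol !== 'https:') {
    // Over plain http the credentials would cross the network unencrypted.
    throw new Error('refusing to embed credentials in a non-https URL');
  }
  // encodeURIComponent escapes '@', ':', '/', '#', '%' and similar characters
  // so they cannot be mistaken for URL delimiters.
  url.username = encodeURIComponent(username);
  url.password = encodeURIComponent(password);
  return url.href;
}

// Recover the original (decoded) values from such a URL.
function readCredentials(href) {
  const url = new URL(href);
  return {
    username: decodeURIComponent(url.username),
    password: decodeURIComponent(url.password),
  };
}

// Strip the credentials before a URL is logged, shared or pasted into a ticket.
function redactCredentials(href) {
  const url = new URL(href);
  url.username = '';
  url.password = '';
  return url.href;
}

// Constructed sample: the page's example host with a made-up complex password.
const sample = buildCredentialUrl('https://testing.co.uk', 'fred', 'p@ss:w/rd#1');
console.log(sample);
console.log(readCredentials(sample));
console.log(redactCredentials(sample));
```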
Conclusion
Whilst this may not work for all sites, this solved my particular challenge. Worth remembering the security/function balance when storing passwords in the clear! Yes, the device is encrypted (standard on an iPhone) however once you have unlocked it anyone who gets hold of your device can easily edit the shortcut and see your password.
You may also get a warning about phishing attacks, as the above method is largely frowned upon from a security standpoint.