Passwords and authorization tokens are commonly used in mobile applications for user authorization and for connecting apps with third-party services like Twitter and Facebook. It is app’s responsibility to select secure storage for the credentials, encrypt the password and provide credentials management functionality so user can modify password or revoke granted access.

Windows 8 simplifies these tasks by introducing a Credential Locker. The Locker lets application to store and retrieve user’s credentials in a secure way: all password are encrypted and cannot be accessed by other applications.

Access to the Credential Locker is provided by WinRT PasswordVault class. This class allows adding, retrieving and removing credentials from the Locker. The following example demonstrates storing user’s password using PasswordVault.

PasswordVault allows grouping of credentials by providing name of the resource for which the credentials are used. Later this name can be used for retrieving the credentials using PasswordVault.FindAllByResource and PasswordVault.Retrieve functions.

The following example demonstrates usage of Retrieve function for credentials verification.

If the Locker does not contains credential data for the requested resource or name, an Exception will be thrown.

Control Panel’s Credential Manager allows users to control all stored credentials simplifying password management logic for applications.

PasswordVault is a simple, secure approach for storing user’s passwords in Windows 8 applications. The Credential Locker not only stores credentials, but also roams them between user’s devices that helps to create transparent, continuous experience for app users that owns multiple Windows 8 devices.