Ensure that all passwords and secure fields are entered, by the user, into instances of UITextField with their secureTextEntry properties set to YES.

If the user is on a screen that contains personal information, such as the user’s credit card number or home address, set the hidden property of your app’s main window to YES in the applicationWillResignActive: method of your app delegate, and set the same property to NO (to show the window) in the applicationDidBecomeActive: app delegate method. This will ensure that the screenshot that iOS takes of your app’s UI when going to the background will not contain any of your window’s contents in it. This method is recommended by Apple.

Ensure that you validate the user’s input in your text fields/views before sending them to a server.

Using the mechanisms that you’ve learned in this chapter, secure the user’s entry if you are storing it in files on disk or in the keychain.

On screens where you accept a password or a numerical code for authentication, once the view controller is no longer on the screen, clear those password/code fields because the user won’t need them anymore. If you are not relinquishing ownership of those view controllers, their contents will stay in the memory. This includes the secure text field entries on those view controllers. It’s best to dispose of memory ...