Storing user credentials (Windows Store apps using JavaScript and HTML)

Apps can now store the user's password in the credential locker by using the Windows.Security.Credentials namespace.

The credential locker is a common way to store and manage user passwords in a protected store. A credential in the credential locker store is associated with a specific app or service. Apps and services do not have access to credentials associated with other apps or services. The credential locker store from one trusted device is automatically transferred to any other trusted device for that user. This means that credential roaming is enabled by default for credentials stored in credential locker.

See the Credential locker sample for a detailed example of how to store credentials with credential locker.

Best practices

Only use the credential locker for passwords and not for larger data blobs.

Save passwords in the credential locker only if the following criteria are met:

  • The user has successfully signed in.
  • The user has opted to save passwords.

In this section

Topic Description
How to save user credentials

Store user credentials in the credential locker store by calling the passwordVault.add method.

How to enumerate and retrieve user credentials

Enumerate and retrieve stored credentials.

How to delete user credentials

Delete credentials from a credential store.


Credential locker sample




Build date: 6/11/2013