Apple seems to recommend when saving a password to use kSecClassInternetPassword where you specify a username account, a server, and a password (documentation). There is a note that one should use kSecClassGenericPassword instead when you don’t need extra attributes for remote access. Now everything in this keychain library uses kSecClassGenericPassword; it's not possible to use kSecClassInternetPassword.
As an aside, it's mildly interesting, I suspect basically everyone is "misusing" the keychain API because I believe the "account" is not intended to be a key to look up like "MyServicePassword", it should seemingly be the user's account like their actual username. This makes it a bit tricky to look up later and migrate when the username changes. Wishing the keychain API were nicer fr. But perhaps this library could implement support for the recommended solution and even encourage correct usage? :)
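For reference, the internet-password usage discussed in the post above, written directly against the Security framework. This is an added example, not code from the post's author or from the library; the helper names and the `KeychainError` type are hypothetical. It stores an item keyed by server and account, looks it up by server alone so the caller does not need to know the username, and handles the username-change case by updating the account attribute in place.

```swift
import Foundation
import Security

// Hypothetical helper names; callers supply their own server and account values.
enum KeychainError: Error { case unexpectedData, unhandled(OSStatus) }

/// Store a password keyed by (server, account), as the internet-password class intends.
func savePassword(_ password: String, account: String, server: String) throws {
    let query: [String: Any] = [
        kSecClass as String: kSecClassInternetPassword,
        kSecAttrServer as String: server,
        kSecAttrAccount as String: account,   // the real username, not a lookup key
        kSecValueData as String: Data(password.utf8),
    ]
    let status = SecItemAdd(query as CFDictionary, nil)
    guard status == errSecSuccess else { throw KeychainError.unhandled(status) }
}

/// Look up by server only; the stored username comes back as an attribute.
func loadCredentials(server: String) throws -> (account: String, password: String)? {
    let query: [String: Any] = [
        kSecClass as String: kSecClassInternetPassword,
        kSecAttrServer as String: server,
        kSecMatchLimit as String: kSecMatchLimitOne,
        kSecReturnAttributes as String: true,
        kSecReturnData as String: true,
    ]
    var item: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &item)
    if status == errSecItemNotFound { return nil }
    guard status == errSecSuccess else { throw KeychainError.unhandled(status) }
    guard let found = item as? [String: Any],
          let data = found[kSecValueData as String] as? Data,
          let password = String(data: data, encoding: .utf8),
          let account = found[kSecAttrAccount as String] as? String
    else { throw KeychainError.unexpectedData }
    return (account, password)
}

/// Username changed: rewrite the account attribute in place, keeping the secret.
func renameAccount(from old: String, to new: String, server: String) throws {
    let query: [String: Any] = [
        kSecClass as String: kSecClassInternetPassword,
        kSecAttrServer as String: server,
        kSecAttrAccount as String: old,
    ]
    let changes: [String: Any] = [kSecAttrAccount as String: new]
    let status = SecItemUpdate(query as CFDictionary, changes as CFDictionary)
    guard status == errSecSuccess else { throw KeychainError.unhandled(status) }
}
```

`SecItemAdd` returns `errSecDuplicateItem` when an item with the same server and account already exists; here that surfaces as `KeychainError.unhandled`, and a caller would typically fall back to `SecItemUpdate` with a new `kSecValueData`.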