On iOS devices, Apple's Keychain is used to store user credentials. This is the same mechanism used for the iPad's built-in Safari web browser if a user decides to let the browser "remember my password" for a website. The encryption used is AES-256-GCM. More specific details about Keychain's security are available in Apple's documentation.
For Android devices, the Android OS includes its own security measures at the device level which is then compounded by AES-128 encryption of credentials in BrowZine built by Third Iron creating a double layer of protection.
If your library uses a proxy server or OpenAthens to enable off-campus access, BrowZine initiates a session with the proxy server to authenticate you as an authorized user. BrowZine passes the username and password data, which is encrypted and stored securely on your device, directly to the proxy server. The username and password are never passed to Third Iron servers.