Why is char[] preferred over String for storing passwords?

Java 8Object Oriented ProgrammingProgramming

Yes, Storing password in String object is not safe for following reasons −

  • String objects are immutable and until garbage collected, they remain in memory.

  • String being plain text can be tracked in memory dump of the application.

  • In log, String based password may be printed which can cause a problem.

Char[] can be cleared or wiped out after the job is done.

Updated on 24-Feb-2020 10:31:39