Why Char is Preferred Over String for Storing Passwords

Yes, Storing password in String object is not safe for following reasons −

• String objects are immutable and until garbage collected, they remain in memory.

• String being plain text can be tracked in memory dump of the application.

• In log, String based password may be printed which can cause a problem.

Char[] can be cleared or wiped out after the job is done.