0 votes
2 views
in Java by (10.2k points)

In Swing, the password field has a getPassword() (returns char[]) method instead of the usual getText() (returns String) method. Similarly, I have come across a suggestion not to use String to handle passwords.

Why does String pose a threat to security when it comes to passwords? It feels inconvenient to use char[].

1 Answer

0 votes
by (46k points)

The main reason a character array is preferred over a String is the immutable nature of String. What that means is, if the password is stored as plain text, it would be available in memory until the garbage collector clears it, and since it is immutable, there is no way the content of the string can be changed; changing it would result in an entirely different (new) string.

This leads to the less secure nature of strings as compared to character arrays, as they are stored in plain text and anyone getting a hand on them would have access to raw passwords. In the case of an array, you could explicitly wipe the data: overwrite the array and the raw data is not available anywhere, contrary to a string, which makes it more vulnerable.
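The wipe described in the answer above, as an added example that is not part of the original answer: the password stays in a `char[]` from input to verification, is hashed with PBKDF2 through `PBEKeySpec` (which accepts `char[]` directly), and every copy is overwritten in a `finally` block. The class name, iteration count, and sample password are assumptions made for the demo.

```java
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;

public class PasswordWipeDemo {
    // Constructed parameters for this demo, not values from the page.
    private static final int ITERATIONS = 210_000;
    private static final int KEY_BITS = 256;

    /** Derives a PBKDF2 hash from the password without ever creating a String. */
    static byte[] hash(char[] password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // PBEKeySpec holds its own copy of the chars
        }
    }

    /** Verifies the password, then wipes the caller's array whatever happens. */
    static boolean verifyAndWipe(char[] password, byte[] salt, byte[] expected)
            throws GeneralSecurityException {
        try {
            return MessageDigest.isEqual(hash(password, salt), expected);
        } finally {
            Arrays.fill(password, '\0'); // overwrite in place; impossible with String
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);

        // Constructed sample input; in Swing this would be JPasswordField.getPassword().
        char[] enrolled = {'c', 'o', 'r', 'r', 'e', 'c', 't', '-', 'h', 'o', 'r', 's', 'e'};
        byte[] stored = hash(enrolled, salt);
        Arrays.fill(enrolled, '\0');

        char[] attempt = {'c', 'o', 'r', 'r', 'e', 'c', 't', '-', 'h', 'o', 'r', 's', 'e'};
        boolean ok = verifyAndWipe(attempt, salt, stored);
        System.out.println("match=" + ok);
        System.out.println("attempt wiped=" + Arrays.equals(attempt, new char[attempt.length]));
    }
}
```

Converting the array to a `String` at any point (for example with `new String(password)`) creates an immutable copy that the wipe cannot reach, so the benefit only holds if the whole call path accepts `char[]`.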
