In security-sensitive applications, char[] is preferred over String for storing passwords due to the following reasons:
1. Strings Are Immutable (Cannot Be Cleared from Memory)
Stringobjects cannot be modified because they are immutable.- If you store a password in a
String, it remains in memory until garbage collection removes it. - This means that attackers could potentially access it by scanning memory.
Example: Storing Password in String
String password = "mySecret123"; // Stored in memory until garbage collection
🛑 Issue: The password stays in the memory as long as the String exists, making it a security risk.
✅ Solution: Use char[] instead:
char[] password = {'m', 'y', 'S', 'e', 'c', 'r', 'e', 't'};
👉 Why? You can overwrite the contents of a char[], ensuring the password is erased from memory.
2. Strings Are Stored in the String Pool
- String literals are stored in the String Pool, which is not immediately garbage collected.
- Even if you set
password = null, the string may still exist in the String Pool.
Example of Password in String Pool
String password = "superSecret";
// Even if password is set to null, "superSecret" might still be accessible in the pool.
password = null;
🛑 Risk: The password remains accessible in memory.
✅ Solution: Use char[], which is not stored in the pool.
3. char[] Can Be Explicitly Cleared from Memory
- Since
char[]is mutable, you can overwrite it after use, making it impossible to recover.
Example: Securely Clearing Password in char[]
import java.util.Arrays;
public class SecurePasswordHandling {
public static void main(String[] args) {
char[] password = {'p', 'a', 's', 's', '1', '2', '3'};
// Simulating authentication process
System.out.println("Password used: " + Arrays.toString(password));
// Immediately clear password after use
Arrays.fill(password, '*');
System.out.println("Password cleared: " + Arrays.toString(password));
}
}
🛑 Issue with String: Cannot overwrite the password. ✅ Solution: Arrays.fill(password, '*'); erases sensitive data immediately.
4. Strings Are More Vulnerable to Memory Dumps
- Attackers can extract passwords from memory dumps if stored in a
String. - Since
char[]is mutable, it reduces the window of exposure.
Example: Memory Dump Attack
🔹 With String: Password stays in memory longer, making it easier to extract.
🔹 With char[]: You clear it immediately after use, reducing exposure.
5. String May Be Logged Accidentally
- Developers sometimes print or log
Stringobjects accidentally. - This can expose passwords in logs, which is a huge security risk.
Example: Unintentional Logging
System.out.println("Password entered: " + password);
🛑 Risk: If password is a String, it might be written to logs.
✅ Solution: Use char[] and never log raw passwords.
6. char[] is Recommended by Java Security Libraries
Java security libraries such as JPasswordField (Swing) and SecureString (in other languages) use char[] instead of String for security reasons.
Example: JPasswordField Usage
import javax.swing.*;
JPasswordField passwordField = new JPasswordField();
char[] password = passwordField.getPassword(); // Returns char[], not String
✅ Why? This ensures passwords are not stored as immutable Strings in memory.
When to Use String?
- If the password is never stored (e.g., immediately passed to a hashing function),
Stringis fine. - If password management is not a concern (e.g., hashing immediately).
Conclusion
| Feature | String | char[] |
|---|---|---|
| Mutable? | ❌ No (immutable) | ✅ Yes (can be cleared) |
| Garbage Collected? | ❌ Unpredictable (until GC runs) | ✅ Can be cleared manually |
| Stored in String Pool? | ✅ Yes (if literal) | ❌ No |
| Memory Security? | ❌ Can be leaked via memory dumps | ✅ Can be wiped from memory |
| Recommended for Passwords? | ❌ No | ✅ Yes |
✅ char[] is preferred for handling passwords because it allows you to erase sensitive data from memory and prevents accidental logging and security leaks.