Why is char[] preferred over String for passwords?
Strings are immutable. That means once you’ve created the String, if another process can dump memory, there’s no way (aside from reflection) you can get rid of the data before garbage collection kicks in. With an array, you can explicitly wipe the data after you’re done with it. You can overwrite the array with anything … Read more