12.17. Work with Security-Sensitive Strings in Memory
You need to work with sensitive string data, such as passwords or credit card numbers, in memory and need to minimize the risk of other people or processes accessing that data.
Use the class System.Security.SecureString to hold the sensitive data values in memory.
How It Works
Storing sensitive data such as passwords, personal details, and banking information in memory as String objects is insecure for many reasons, including the following:
String objects are not encrypted.
The immutability of String objects means that whenever you change a String, the old value remains in memory until the garbage collector reclaims it and the memory is eventually overwritten.
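The following C# sketch is an added example, not code from the original recipe. It collects a secret into a SecureString one keystroke at a time, so no complete String copy is created, and then reads it through an unmanaged buffer that is zeroed before it is freed. The class name SecureStringDemo and the helpers ReadSecret and CountDigits are hypothetical names chosen for illustration.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security;

static class SecureStringDemo   // hypothetical name, for illustration only
{
    // Append each keystroke directly; the secret never exists as a managed String.
    static SecureString ReadSecret()
    {
        var secret = new SecureString();
        ConsoleKeyInfo key;
        while ((key = Console.ReadKey(intercept: true)).Key != ConsoleKey.Enter)
        {
            if (key.Key == ConsoleKey.Backspace && secret.Length > 0) secret.RemoveAt(secret.Length - 1);
            else if (!char.IsControl(key.KeyChar)) secret.AppendChar(key.KeyChar);
        }
        secret.MakeReadOnly();   // further AppendChar/RemoveAt calls now throw
        return secret;
    }

    // Hypothetical consumer: inspects the plaintext in an unmanaged buffer,
    // then zeroes and frees that buffer even if an exception occurs.
    static int CountDigits(SecureString secret)
    {
        IntPtr buffer = IntPtr.Zero;
        try
        {
            buffer = Marshal.SecureStringToGlobalAllocUnicode(secret);
            int digits = 0;
            for (int i = 0; i < secret.Length; i++)
                if (char.IsDigit((char)Marshal.ReadInt16(buffer, i * 2))) digits++;
            return digits;
        }
        finally
        {
            if (buffer != IntPtr.Zero) Marshal.ZeroFreeGlobalAllocUnicode(buffer);
        }
    }

    static void Main()
    {
        Console.Write("Enter secret: ");
        using (SecureString secret = ReadSecret())   // Dispose clears the protected buffer
        {
            Console.WriteLine("\nLength {0}, digits {1}", secret.Length, CountDigits(secret));
        }
    }
}
```

Converting the value back to a String at any point reintroduces both problems listed above. On .NET Core and later, SecureString contents are encrypted only on Windows.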