How to Answer: In Java, why shouldn't you use strings to store a password?
Advice and answer examples written specifically for a Model N job interview.
11. In Java, why shouldn't you use strings to store a password?
How to Answer
While this may seem like a rudimentary question regarding your knowledge of Java, your interviewer is looking to ideally hear that you understand the principle differences between string and character arrays. Asking about the storage of passwords within a system gives you the opportunity here to point out the differences between the two. In the end, while explaining the differences, be sure to tie it back to the original question on why strings shouldn't be used to store passwords.
Written by Ryan Brunner on February 20th, 2020
1st Answer Example
"To store a password, character array is the obvious best choice because character arrays are mutable. If a string was utilized to store passwords, a definite security risk would be present to anyone that would have access to the memory dump from the system."
Written by Ryan Brunner on February 20th, 2020
2nd Answer Example
"This question simply boils down to a string being immutable. Because strings are a sequence of characters represented as a single data type, the system requires garbage creation to fully get rid of it out of memory. In my time designing software, I have used Char array and its mutable features to store passwords for the security of our end users "