Since Java 1.2, JPasswordField.getText() has been deprecated for security reasons, ecouraging usage of getPassword()

Question

0

Asked: May 27, 20262026-05-27T23:51:30+00:00 2026-05-27T23:51:30+00:00

Since Java 1.2, JPasswordField.getText() has been deprecated for security reasons, ecouraging usage of getPassword()

0

Since Java 1.2, JPasswordField.getText() has been deprecated “for security reasons”, ecouraging usage of getPassword() method “for stronger securty”.

However, I was able to get the password stored in JPasswordField at least in Oracle JRE 1.7 by analysing the heap dump (JPasswordField instance -> model -> s -> array).

So how does JPasswordField.getPassword() helps to protect the password?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-27T23:51:31+00:00

Editorial Team

2026-05-27T23:51:31+00:00Added an answer on May 27, 2026 at 11:51 pm

Well, the documentation for it states:

For stronger security, it is recommended that the returned character array be cleared after use by setting each character to zero.

But, of course, if you use the getText method, you get back a String, which is immutable, so you couldn’t carry out the same recommendation.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

Since Java 1.2, JPasswordField.getText() has been deprecated for security reasons, ecouraging usage of getPassword()

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply