In general, you should define your threat model before worrying about more exotic attacks. In this case: are you worried that someone is shutting down the computer and conducting a forensic analysis of the hard drive? Application memory can also be replaced, so the simple fact that one process has it in memory makes it possible to terminate it in the page file. How about hibernation? During sleep mode, all memory contents are written to the hard drive (including SecureString - and, presumably, the encryption key!). What should I do if an attacker has access to the system during operation and can search the application memory?
In general, client-side security is very complex, and if you do not have specialized equipment (for example, a TPM chip), it is almost impossible to obtain the right. Two solutions:
- If you only need to check the equality between the two lines (i.e. this line is the same as mine before), save only the hash value (salted).
- Forcing the user to re-enter information when it is needed a second time (not very convenient, but safety and convenience are opposite to each other).