I recently asked, “Is it a good idea to bind PasswordBox?” The bottom line is that although WPF applications today tend to follow the MVVM design pattern, WPF's PasswordBox seems to be intentionally designed to limit the exposure of passwords. And yet people still found ways to bind to it, which means the password is stored in memory as part of the view model (which is even worse than simply extracting the password from the PasswordBox and checking it on the spot, I think).
This situation leads to a more fundamental question. What are the real risks of storing a password in memory? What can happen, and how likely is it? (By “store” I mean as part of the login process, after which it is never stored in memory again ... except that it will still be in memory until the garbage collector runs.)
Some say that "if an attacker can read your memory, you lose 100%" (a comment on this question), which suggests that whether or not you store passwords in memory may be moot, since you are screwed anyway if they have access to your memory (see Troy Hunt's article on Heartbleed, which shows an example of how memory access in an unmanaged environment can be quite disastrous).
On the other hand, you can keep passwords out of managed memory - this blog post shows a fairly detailed example, and this MSDN article shows a way to convert to and from SecureStrings. However, I'm not quite sure how necessary this is. Firstly, it requires a lot of work, and given the argument "if they can read your memory, you are screwed anyway", it may not even be useful. Secondly, just because the password is in unmanaged memory does not mean that it is safe (see the example above); the advantage is limiting the amount of time that the password is in memory and then clearing that memory.
So ... in general, is it worth going to these lengths to keep passwords out of managed memory?
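The "limit the time in memory, then clear it" pattern the question refers to, as an added example that is not from the original post or from the linked articles. It assumes .NET 6 or later (for `Rfc2898DeriveBytes.Pbkdf2` and `CryptographicOperations`); in a WPF app the `SecureString` would come from `PasswordBox.SecurePassword`, while here it is constructed inline. `VerifyPassword`, the salt and the stored hash are hypothetical names for the demonstration.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Cryptography;
using System.Text;

static class PasswordCheck
{
    // Decrypts the SecureString into an unmanaged buffer, copies it into managed
    // buffers we control, derives a PBKDF2 hash and compares it in constant time.
    // No System.String is ever created (strings are immutable and cannot be wiped),
    // and every copy is zeroed in `finally` so the plaintext does not linger for the GC.
    // Caveat: if the GC compacts the heap while the arrays are live it may leave a
    // stale copy behind; pinning the arrays would close that gap but is omitted here.
    public static bool VerifyPassword(SecureString secure, byte[] salt, byte[] storedHash, int iterations)
    {
        IntPtr unmanaged = IntPtr.Zero;
        char[] chars = new char[secure.Length];
        byte[] utf8 = Array.Empty<byte>();
        byte[] derived = Array.Empty<byte>();
        try
        {
            unmanaged = Marshal.SecureStringToGlobalAllocUnicode(secure); // UTF-16, unmanaged
            Marshal.Copy(unmanaged, chars, 0, chars.Length);
            utf8 = Encoding.UTF8.GetBytes(chars);
            derived = Rfc2898DeriveBytes.Pbkdf2(utf8, salt, iterations, HashAlgorithmName.SHA256, storedHash.Length);
            return CryptographicOperations.FixedTimeEquals(derived, storedHash);
        }
        finally
        {
            if (unmanaged != IntPtr.Zero) Marshal.ZeroFreeGlobalAllocUnicode(unmanaged); // zero, then free
            Array.Clear(chars, 0, chars.Length);
            CryptographicOperations.ZeroMemory(utf8);
            CryptographicOperations.ZeroMemory(derived);
        }
    }

    static void Main()
    {
        // Constructed sample: what a registration step would have stored for this user.
        const int iterations = 100_000;
        byte[] salt = RandomNumberGenerator.GetBytes(16);
        byte[] storedHash = Rfc2898DeriveBytes.Pbkdf2(Encoding.UTF8.GetBytes("correct horse"), salt, iterations, HashAlgorithmName.SHA256, 32);

        // Constructed stand-in for PasswordBox.SecurePassword: built char by char, never as a string.
        using var entered = new SecureString();
        foreach (char c in "correct horse") entered.AppendChar(c);
        entered.MakeReadOnly();

        Console.WriteLine(VerifyPassword(entered, salt, storedHash, iterations) ? "login ok" : "login failed");
    }
}
```

Note that the registration line in `Main` deliberately uses a plain string only because it is constructed sample data; a real registration path would take the same `SecureString` route as `VerifyPassword`.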