The SecureString type is described documentation as follows:
Represents text that should be kept confidential. It is encrypted to
privacy when it is being used, and deleted from the
computer when it is no longer needed.
This type implements the interface IDisposable
and it is through the Dispose
method that indicates that it should be deleted from memory.
Several .NET classes that deal with passwords, including the WPF PasswordBox, include methods or properties that use this class.
The purpose of this class is to prevent passwords from being stored on the disk ( swap ) and make it more difficult (though not impossible) for an attacker with access to computer memory to find out what password.
Of course, this class is only of interest if the password never even becomes available as a string
or byte[]
conventional.
Also relevant: link