Passwords stored in memory: Is it safe?

ITKE

1152555 pts.

Tags:

Password

Password management

Security

I recently realized when you save a password in a variable, it's actually stored as plain text in the memory.

I know the OS does a good job by forbidding processes from accessing other allocated memory. But isn't it still bypassable? Is there a safer way to store passwords to make sure processess can't access them?

Asked: November 22, 2013 6:35 PM Last updated: November 25, 2013 6:55 PM

Answer Wiki

Thanks. We'll let you know when a new response is added.

Send me notifications when members answer or reply to this question.

Discuss This Question: 2 Replies

There was an error processing your information. Please try again later.

Thanks. We'll let you know when a new response is added.

Send me notifications when members answer or reply to this question.

TomLiotta Nov 22, 2013 11:09 PM GMT

What platform? What OS? If your programming is receiving a password and holding it in a variable, it's up to your programming to protect it. An OS (perhaps depending on hardware/firmware memory management) generally isolates address spaces from different processes; but that can't provide any guarantee if you don't control the machine.
More detail would be useful, particularly any programming (or scripting) technologies being used.
Tom

125,585 pointsBadges:

report
Kevin Beaver Nov 25, 2013 6:55 PM GMT

Is it safe? Well, it depends...You'll have to draw your own conclusions based on business needs, however, as I outline here, anyone with access to the machine can do just about anything with a hex editor (including finding passwords in memory): https://searchenterprisedesktop.techtarget.com/tip/Find-Windows-vulnerabilities-with-a-hex-editor

27,520 pointsBadges:

report