Usage of SecureString in WPF

Raja Shanmugam 20 Reputation points
2025-10-27T09:49:05.57+00:00

Hi,

We are developing a WPF app with .NET 4.8. Can we use SecureString to store the PIN in memory temporarily?

https://learn.microsoft.com/en-us/dotnet/api/system.security.securestring

Is it deprecated? Is this recommended, or is there any alternative available?

Developer technologies | Windows Presentation Foundation

2 answers

  1. Susmitha T (INFOSYS LIMITED) 1,630 Reputation points Microsoft External Staff
    2025-10-27T11:13:46.0766667+00:00

    Thanks for reaching out!

    SecureString is not deprecated in .NET Framework 4.8 and can still be used to store the PIN temporarily in memory for a WPF app. However, Microsoft no longer recommends it for new development or for future frameworks.

    The protection provided by SecureString is limited.

    For stronger security or cross-platform scenarios, use Windows DPAPI or Credential Manager instead.

    How to: Use Data Protection - .NET | Microsoft Learn

    Let me know if you need any further help with this. We'll be happy to assist.

    If you find this helpful, kindly mark the provided solution as "Accept Answer", so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.


  2. Starry Night 615 Reputation points
    2025-10-28T02:11:39.9833333+00:00

    The SecureString class in C# is part of the System.Security namespace and is designed to handle sensitive text data, such as passwords, more securely than regular strings. It achieves this by encrypting the data in memory and allowing controlled access to it. Unlike regular strings, SecureString is mutable, enabling modifications without creating multiple copies in memory, and it can be explicitly disposed of to remove sensitive data immediately.

    Limitations and Considerations

    • Limited Security Scope: SecureString reduces the time sensitive data is in plain text but does not eliminate all risks. For example, the data must be decrypted when used, exposing it temporarily.
    • Platform Dependency: On non-Windows platforms, SecureString may not encrypt its data due to missing APIs.
    • Microsoft Recommendation: Microsoft no longer recommends SecureString for new development, suggesting alternative approaches like certificates or Windows authentication.
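Added example, not part of either answer above: one way to keep the plaintext window short when a PIN held in a SecureString has to be used, here by handing it to DPAPI (`ProtectedData`), which the first answer points to. The class and method names are hypothetical, and the PIN value is constructed sample input.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Cryptography; // ProtectedData; reference System.Security.dll on .NET Framework 4.8

static class PinHandling // hypothetical helper, not from the original page
{
    // Copies the SecureString content into a UTF-16 byte[] that the caller must clear.
    // The unmanaged plaintext copy is zeroed and freed before this method returns.
    static byte[] ToUtf16Bytes(SecureString pin)
    {
        IntPtr ptr = IntPtr.Zero;
        try
        {
            ptr = Marshal.SecureStringToGlobalAllocUnicode(pin);
            var bytes = new byte[pin.Length * 2];
            Marshal.Copy(ptr, bytes, 0, bytes.Length);
            return bytes;
        }
        finally
        {
            if (ptr != IntPtr.Zero)
                Marshal.ZeroFreeGlobalAllocUnicode(ptr); // overwrite with zeros, then free
        }
    }

    // Returns a DPAPI blob that only the current Windows user can unprotect.
    public static byte[] ProtectPin(SecureString pin)
    {
        byte[] plain = ToUtf16Bytes(pin);
        try
        {
            return ProtectedData.Protect(plain, null, DataProtectionScope.CurrentUser);
        }
        finally
        {
            // The array is not pinned, so this clears the current copy only.
            Array.Clear(plain, 0, plain.Length);
        }
    }

    static void Main()
    {
        // Constructed sample input. In a WPF app, take PasswordBox.SecurePassword
        // instead; a string literal like this one already sits in memory as plaintext.
        using (var pin = new SecureString())
        {
            foreach (char c in "4821") pin.AppendChar(c);
            pin.MakeReadOnly();
            byte[] blob = ProtectPin(pin);
            Console.WriteLine("DPAPI blob length: " + blob.Length);
        }
    }
}
```

Reading `PasswordBox.Password` instead of `SecurePassword` creates an ordinary managed string, which cannot be zeroed and stays in memory until the garbage collector reclaims it.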
