In Swing, the password field has a getPassword() (returns char[]) method instead of the usual getText() (returns String) method. Similarly, I have come across a suggestion not to use String to handle passwords. Why does String pose a threat to security when it comes to passwords? It feels inconvenient to use char[].