OWASP sensitive data prevention in Java
In my code I wrote the following line and got "A6-Sensitive Data Exposure - Heap Inspection":
private String password;
How should I change the code for OWASP sensitive data prevention in Java?
It is still not clear which tool gave the warning at that line (it is unlikely to be dependency check). I can guess that the tool wants passwords stored in a char[] rather than a String.
The reasoning is that you can overwrite the password with blanks if it is no longer needed, and therefore minimise the chance that it shows up in heap dumps.