"The general approach of dealing with credentials is to avoid them and instead rely on other means to authenticate, such as certificates or Windows authentication."
A secret is still a secret, regardless of whether it's a password, a token, a certificate, or something else. This recommendation does not improve security in any way (as it pertains to secrets existing in memory in the clear).
Is there a recommended replacement for SecureString that adds any security benefit or is the punchline that there's nothing you can do to prevent your secrets from existing in memory so we shouldn't even try?