diff --git a/meson.build b/meson.build
index 3d53a720c..e62aa3cb2 100644
--- a/meson.build
+++ b/meson.build
@@ -186,6 +186,18 @@ if cc.has_header('execinfo.h') == true
 elif cc.has_function('backtrace_symbols_fd', dependencies: 'execinfo') == false
 execinfo_dep = dependency('execinfo', required: false)
 endif
+if cc.has_function('explicit_bzero') == true
+ config_h.set('HAVE_EXPLICIT_BZERO' , '1')
+endif
+if cc.has_function('explicit_memset') == true
+ config_h.set('HAVE_EXPLICIT_MEMSET' , '1')
+endif
+if cc.has_function('memset_s') == true
+ config_h.set('HAVE_MEMSET_S' , '1')
+endif
+if cc.has_function('mlock') == true
+ config_h.set('HAVE_MLOCK' , '1')
+endif
 if cc.has_header('fnmatch.h') == false
 error('fnmatch.h not found')
diff --git a/src/bin/e_auth.c b/src/bin/e_auth.c
index 92670f5d3..3fdb2eec7 100644
--- a/src/bin/e_auth.c
+++ b/src/bin/e_auth.c
@@ -3,7 +3,7 @@
 E_API int
 e_auth_begin(char *passwd)
 {
- char buf[PATH_MAX], *p;
+ char buf[PATH_MAX];
 Ecore_Exe *exe = NULL;
 int ret = 0;
 size_t pwlen;
@@ -31,9 +31,7 @@ e_auth_begin(char *passwd)
 out:
 if (exe) ecore_exe_free(exe);
- /* security - null out passwd string once we are done with it */
- for (p = passwd; *p; p++) *p = 0;
- if (passwd[rand() % pwlen]) fprintf(stderr, "ACK!\n");
+ e_util_memclear(passwd, pwlen);
 return ret;
 }
diff --git a/src/bin/e_utils.c b/src/bin/e_utils.c
index 8117e22f3..96c067989 100644
--- a/src/bin/e_utils.c
+++ b/src/bin/e_utils.c
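Review bot: The four `cc.has_function()` probes are called without a `prefix:`, so they establish that the symbol links but not that a declaration is visible to the C sources. That matters most for `memset_s`, a C11 Annex K function that `<string.h>` declares only when `__STDC_WANT_LIB_EXT1__` is defined before the include, and `HAVE_MEMSET_S` is the first branch taken in `e_util_memclear()`. Consider `cc.has_function('memset_s', prefix: '#define __STDC_WANT_LIB_EXT1__ 1\n#include <string.h>')`, with the same define ahead of the include in `e_utils.c`, so the probe fails wherever the secure-clear call would otherwise be implicitly declared. The `== true` comparisons are redundant in meson and can be dropped.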
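Review bot: `e_util_memclear(passwd, pwlen);` at the `out:` label is only as reliable as `pwlen`, which the first hunk shows declared as `size_t pwlen;` with no initializer. The assignment and the `goto out` sites are outside both hunks, so it cannot be confirmed from here that every path reaching `out:` has set it; a jump taken before the assignment would pass an indeterminate length to the clear. The removed clearing loop walked to the terminating NUL and did not depend on that variable. If such a path exists, take the length at the point of use, `e_util_memclear(passwd, strlen(passwd));`, or make sure `pwlen` is assigned before the first `goto out`.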
@@ -1458,25 +1458,29 @@ e_util_evas_objects_above_print_smart(Evas_Object *o)
 }
 }
-/*
- * NOTICE: This function should not be used by external modules!!!
- *
- * This function is just a hack to allow us to "securely" clear sensitive
- * info until memset_s() is readily available, or at least we move this hack
- * to Eina.
- *
- * This is going to work until link time optimizations are good enough.
- * Hopefully by then, we'll be able to properly use memset_s().
- */
-static void *(* const volatile memset_ptr)(void *, int, size_t) = memset;
+#if defined(HAVE_MEMSET_S)
+#elif defined(HAVE_EXPLICIT_BZERO)
+#elif defined(HAVE_EXPLICIT_MEMSET)
+#else
+void *(* const volatile __memset_ptr)(void *, int, size_t) = memset;
+#endif
 E_API void
 e_util_memclear(void *s, size_t n)
 {
- memset_ptr(s, 0, n);
+ if (n == 0) return;
+#if defined(HAVE_MEMSET_S)
+ memset_s(s, n, 0, n);
+#elif defined(HAVE_EXPLICIT_BZERO)
+ explicit_bzero(s, n);
+#elif defined(HAVE_EXPLICIT_MEMSET)
+ explicit_memset(s, 0, n);
+#else
+ __memset_ptr(s, 0, n);
+ __asm__ __volatile__("": :"r"(s) : "memory");
+#endif
 }
-
 E_API Ecore_Exe *
 e_util_open(const char *exe, void *data)
 {
diff --git a/src/modules/lokker/lokker.c b/src/modules/lokker/lokker.c
index aa0e7e482..f52ceae1c 100644
--- a/src/modules/lokker/lokker.c
+++ b/src/modules/lokker/lokker.c
@@ -1,4 +1,5 @@
 #include "e_mod_main.h"
+#include
 #define PASSWD_LEN 256
@@ -858,6 +859,9 @@ lokker_lock(void)
 }
 edd = E_NEW(Lokker_Data, 1);
 if (!edd) return EINA_FALSE;
+#ifdef HAVE_MLOCK
+ mlock(edd, sizeof(Lokker_Data));
+#endif
 E_LIST_FOREACH(e_comp->zones, _lokker_popup_add);
 total_zone_num = eina_list_count(e_comp->zones);
@@ -881,5 +885,8 @@ lokker_unlock(void)
 E_FREE_LIST(edd->handlers, ecore_event_handler_del);
 if (edd->move_handler) ecore_event_handler_del(edd->move_handler);
+#ifdef HAVE_MLOCK
+ munlock(edd, sizeof(Lokker_Data));
+#endif
 E_FREE(edd);
 }
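Review bot: The fallback pointer lost its `static` and gained a reserved name: `void *(* const volatile __memset_ptr)(void *, int, size_t) = memset;` now has external linkage, and identifiers beginning with two underscores belong to the implementation. Keeping the removed declaration, `static void *(* const volatile memset_ptr)(void *, int, size_t) = memset;`, and calling `memset_ptr(s, 0, n);` in the `#else` branch avoids both. The return value of `memset_s(s, n, 0, n);` is discarded; since this is the routine that scrubs passwords, a non-zero result deserves at least a log line. With the old notice removed the function has no comment at all, and a short one such as `/* clears n bytes at s; must not be replaced by plain memset(), which the compiler may elide */` would keep the intent on record.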
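Review bot: The result of `mlock(edd, sizeof(Lokker_Data));` in `lokker_lock()` is ignored, so when the call fails (for example because the process is over its `RLIMIT_MEMLOCK` limit) the structure stays swappable and nothing records that the protection is not in place. Check it and report the failure, e.g. `if (mlock(edd, sizeof(Lokker_Data)) != 0) perror("lokker: mlock");`, or route the message through the module's usual logging. `lokker_lock()` begins and ends outside this hunk and the layout of `Lokker_Data` is not visible, so this assumes the typed password is stored inside that allocation rather than behind a pointer. The unchecked `munlock()` in the `lokker_unlock()` hunk has the same shape, though a failure there matters less.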
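Review bot: In `lokker_unlock()`, `munlock(edd, sizeof(Lokker_Data));` is followed directly by `E_FREE(edd);` and no visible line scrubs the structure first, so whatever it held is handed back to the heap allocator intact and no longer pinned. If `Lokker_Data` carries the password buffer (its definition and the start of the function are outside the hunk), clear it while it is still locked by placing `e_util_memclear(edd, sizeof(Lokker_Data));` ahead of the `#ifdef HAVE_MLOCK` block. If an earlier part of the function already clears the password field, a one-line comment saying so at this point would save the next reader the search.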