I believe another approach is to detect high-entropy strings rather than using a hard-coded list of prefixes. I’m curious about the rate of false positives, though: just because there’s - say - a hash or a GUID doesn’t mean it’s credentials. Combining both approaches would potentially work well.