Password best practices (and common sense, if we’re being honest) tell us to always use a strong password for every account we have. This is because, unfortunately, it doesn’t take much to crack a weak one anymore. A bit of software on a standard computer can crack millions of passwords in a matter of seconds… so the more complex and randomized a password, the better and more secure it will be.
However, this can also make it a real challenge to create and then memorize sufficiently complex passwords. To help, we wanted to share a fun trick.
We’ve all been subjected to earworms before—those songs that the mere mention of begin a four-hour session of it on repeat over and over again in your head. Did you know that between 90 to 99 percent of people experience earworms? I’ll tell you this, if you ever find yourself idly Googling, try looking into some of the research on the topic. It’s super interesting.
Considering this pretty universal response to earworms, the strategy we’re going to share is pretty applicable to everyone.
To create a sufficiently strong password that properly secures your data, it needs to feature two things:
Considering how many password-protected accounts the average person has, that’s a lot of passwords you’ll need to remember… and the human brain really isn’t built to remember the kind of random passwords that are actually effective. Comparatively, we have a much easier time remembering things like song lyrics.
If we take advantage of this fact, creating memorable, but secure passwords can suddenly become a lot easier… and if we’re being honest, more fun.
Let’s use a ‘90s classic from ‘NSYNC to help us say “Bye Bye Bye” to weak passwords.
The chorus of the song goes as follows:
“I know that I can't take no more
It ain't no lie
I want to see you out that door
Baby bye bye bye
Don't want to be a fool for you
Just another player in your game for two
You may hate me but it ain't no lie
Baby bye bye bye
Bye bye.”
I apologize for getting the song stuck in your head, but also, you’re welcome.
To turn this into a password, you can take the first letter (or entire syllable) from each word and type it as you sing the song in your head:
iktictnmianliwtsyotdbbbb
That’s half of the chorus, and you have a 24-character password right there… and, while this section doesn’t feature any multisyllabic words, those could be used to make multiple characters, if you wished.
However, we can do better and make this fairly simple password more secure.
First, we can add some capitalization, both where words would be capitalized normally and where there’s emphasis in the song:
IktIctnmianlIwtsyOTDbBBB
Then, we can swap out all the “Is” with a one to add a touch more complexity… or a different number, to make it even less obvious. Let’s use 5, as the “I” sound is present.
5kt5ctnmianl5wtsyOTDbBBB
Then we can use some special characters to separate the different lines of the song.
IktIctnm*ianl*IwtsyOTD*bBBB
At first glance, it looks like complete gibberish… certainly not a song that has appeared on the Billboard Top 100 chart twice, over two decades apart. However, by thinking of the song, it becomes extremely easy to remember the password until typing it becomes muscle memory.
As a result, a password like this is ideal to use as a password manager’s master password, as it is extremely memorable, but equally complex.
Of course, now that we’ve used it as an example, “Bye Bye Bye” is not the song you want to use… but there are a lot of songs left to pick from. We recommend you use a song that’s already memorable to you, from your first dance to your favorite team’s fight song.
Of course, best practices would dictate that you assign a separate song to each account you have… so, if you’re anything like the average user, that means you’d have to associate a separate song and the adjustments you make to dozens of accounts. This, obviously, isn’t really sustainable for the average user (why else do you think lazy password practices, like reusing the same one over and over, are so common?). Fortunately, password managers can make this process far easier. Modern password managers feature the capability to create random and highly complex passwords, securely storing them in a vault so you don’t have to worry about memorizing them all.
Now, it is important that we make a particular distinction: the password managers that come built into browsers are not the password managers you should be using—they simply aren’t as secure as the standalone options out there. Businesses especially need to be selective about the system they use, using an option designed for enterprise use.
Of course, all of this will be for naught if your team isn’t using good password hygiene in general.
We can help get you set up with a quality password manager to help secure your business that much more. Reach out to us at (780) 409-8180 to learn more about how to get your cybersecurity in sync.