Large Patent Verdict in Pittsburgh – Marvell Case

Last week a Pittsburgh federal court jury found in favor of local university CMU against hard drive chip maker Marvell (see attached photo) on claims of patent infringement and willfulness. The $1.17 billion award was huge by any standard and still faces post-trial motions, which could vacate the verdict or increase it for willfulness, which the jury found. Judge Fischer could grant any number of what will surely be multiple post-trial motions, including a motion for mistrial, which Marvell counsel made during CMU’s closing argument and which she denied without prejudice so that she could rule on it after the announcement of a verdict. In other words, she could still grant a mistrial and vacate the one-month trial and verdict. She could also increase the verdict by as much as threefold based on the willfulness finding. The article attached below indicates that no tech verdict this large has ever stood the test on appeal. Here is one of a number of good descriptions of the case, which has been written about extensively over the last week: http://arstechnica.com/tech-policy/2012/12/jury-slams-marvell-with-mammoth-1-17-billion-patent-verdict/
Here also is an interesting video take on the case.

We will continue to follow this important case.


Picking Better Passwords

With the news that millions of LinkedIn passwords were compromised last week, we should all reconsider what passwords we are using and whether they are secure enough for our needs. As with most security issues, there is always a balance between having a password that is easy enough for you to remember but too difficult for someone else to guess. This article discusses some strategies and tips for creating and managing stronger passwords.

What Is a Bad Password?

Not all passwords are equal, and there are many that should simply be avoided for most applications. It goes without saying that “password” and “12345” are terrible passwords. A good list of these “bad” passwords can be found here. In general, though, a bad password is one that is:

  • short (fewer than 8 characters)
  • a single word (in any language) that can be found in a dictionary
  • something that is readily identified with you (e.g., your name or your spouse’s, children’s, or parents’ name; the street you live on or the city you live in, etc.)
  • a variation on your login or username
  • adjacent letters or numbers (e.g., qwerty, 12345, abcde, etc.)

Looking through lists of bad passwords can be very enlightening and can give you some ideas of passwords to avoid.
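The criteria in the list above can be written as a check that a sign-up form or audit script could run. This is an added example, not code from the original article; the small wordlist, the function names, and the five-character run length are assumptions made here.

```python
import re

# Constructed sample wordlist; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "dragon", "monkey", "sunshine", "football"}
# Runs of adjacent characters: alphabet, digits, and keyboard rows.
SEQUENCES = ["abcdefghijklmnopqrstuvwxyz", "0123456789",
             "qwertyuiop", "asdfghjkl", "zxcvbnm"]
# Common letter-for-digit swaps, undone before comparing to the username.
UNLEET = str.maketrans("01345@$", "oieasas")


def has_adjacent_run(pw, run_len=5):
    """True if pw contains run_len adjacent characters, forward or reversed."""
    low = pw.lower()
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            for i in range(len(s) - run_len + 1):
                if s[i:i + run_len] in low:
                    return True
    return False


def bad_password_reasons(pw, username="", personal=(), words=SAMPLE_WORDS):
    """Return the list of the article's 'bad password' criteria that pw meets."""
    reasons = []
    low = pw.lower()
    if len(pw) < 8:
        reasons.append("short")
    if low in words:
        reasons.append("dictionary word")
    if any(len(p) >= 3 and p.lower() in low for p in personal):
        reasons.append("personal information")
    # Undo swaps, then drop digits/symbols, so "J0hnSm1th2012" matches "johnsmith".
    core = re.sub(r"[^a-z]", "", low.translate(UNLEET))
    user = re.sub(r"[^a-z]", "", username.lower())
    if user and (user in core or user[::-1] in core):
        reasons.append("variation on username")
    if has_adjacent_run(pw):
        reasons.append("adjacent characters")
    return reasons
```

An empty list means only that none of the listed criteria matched; it is not a measure of strength.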

What Is a Good Password?

Now that we know what types of passwords are not great, what types of passwords are better? A good password likely will have many of the following characteristics:

  • is longer than 8 characters (generally, the longer the better)
  • has a mix of upper and lowercase letters, numbers, and symbols
  • is unrelated to any readily identifiable information about you

Again, there is always a balance between ease of use (i.e., something you can remember) and the strength of the password. A long string of random letters, numbers, and symbols is potentially very secure, but is, counterintuitively, not likely to be a good password if you can’t remember it. If you have to write down your password on a piece of paper in order to use it, your password is only as good as the security you have in place to protect that piece of paper.

Thankfully, there are a number of techniques you can use to create stronger passwords that you can remember. One of the most common is to use the first letters of a phrase. For example, if you choose the phrase “To be or not to be, that is the question,” the password would become “Tbontb,titq”. That seemingly random set of letters and symbols would not be susceptible to a dictionary attack (in which the attacker simply tries all the words in the dictionary), but would still be easily remembered. [For the record, this is such a common phrase, that it is likely a bad password. Choose a more obscure sentence or phrase to use, instead.] We could make this password stronger by changing some of the letters to numbers. For example, the “o” could become a zero and the “i” could become a one—so, the password would be “Tb0ntb,t1tq”.

Another common technique is to use unrelated words separated by numbers or symbols. The key to this approach is combining the strength of a longer password with numbers and symbols that defeat dictionary attacks. For example, you could use “fruit25lawnmower#%”. For added strength, you could capitalize some of the letters and change some to numbers—“fRU1t25LawnM0wer#%”.

This is an interesting website where you can enter passwords, and it will assess their relative strengths. As always, you should be cautious about entering any passwords you actually use or intend to use. You can, however, enter similar passwords and begin to get a sense of what makes a stronger or weaker password.

More Dos and Don’ts

Now that we have talked about good and bad passwords, there are a few other points you should consider in managing your passwords.

The strength of your password should reflect the importance of that account to you (or your employer). Very important accounts, like your bank account, should be given the strongest password you can reasonably remember that is different from any other passwords you use. You should also consider regularly changing it in case it becomes compromised without your knowledge.

E-mail accounts should be considered important accounts and given stronger passwords. There can be a real danger if someone gains access to your e-mail account. For example, once you know someone’s username, many websites will allow you to reset the password by sending an e-mail to the registered address. If an attacker gains control of your e-mail, he or she can then reset the password to your bank account (or any other account).

Ideally, you should have a different password for every account or website. That way, if one password is compromised, it won’t compromise your others. Unfortunately, it can be difficult to remember which password you used with which account. To help with this problem, you should consider using a password management program that stores all of your passwords in one location (and is often designed to easily enter those passwords into website forms). These programs then use one master password to unlock all of your passwords. They can be very convenient and useful programs because they allow you to keep track of all of your passwords in a secure way. But, you are putting all your eggs in one basket, so the master password you choose should be strong and access to the program limited.

Finally, don’t write your passwords down on post-it notes on your computer monitor or in other easy-to-find places. If your password is too hard to remember, think about creating a different one that you can remember. On the other hand, it can make good sense to keep your passwords written down in a secure location in case you forget them, especially if the account provides no way to reset the password. Ideally, you should keep them in a locked location, though.

Parting Thoughts

Having a good password requires some discipline and can be inconvenient at times. However, it can be far more inconvenient to have your account hacked and your money or information stolen. Taking a little time now to really think about how to create and manage your passwords can save you a lot of hassle in the future.

“Open Innovation” – Pittsburgh May Be The Perfect Place For it

I take no credit for this post. We have been linking to a great site, “Pittsblog,” authored by Michael Madison, a UPitt Law Professor. He has published a series of great articles on “Open Innovation” in Pittsburgh and his latest is a good read. Check it out: http://pittsblog.blogspot.com/

Pittsburgh Technology Start-Up Funding

The Pittsburgh technology community continues to grow and prosper. Old steel mill slabs are now covered with high-tech facilities and incubators. The Commonwealth of Pennsylvania pumped some new money into the Pittsburgh economy with 3 funding awards approved and administered by the Ben Franklin Technology Partners (BFTP, http://benfranklin.org/), a longtime Pennsylvania authority which places state funding money with deserving partners. Through a competitive process, the following Pittsburgh-based awards were approved by BFTP:

  • $100,000 for Idea Foundry for a technology development grant to help entrepreneurs in information technology or a related engineering field create a business. With this funding, the nonprofit organization, which offers market analysis, product management, management team development and other services, is expected to spin out five new companies.
  • $450,000 for the Pennsylvania NanoMaterials Commercialization Center for a university research commercialization grant aimed at developing an industry and university network for building the state’s energy sector.
  • $600,000 for the University of Pittsburgh for a university research commercialization grant for an electric power and energy research project aimed at items such as power electronics, renewable energy and smart grid technology.
