Empirical data increases effectiveness and usability of security and privacy

Passwords can be a challenge; many require symbols, have character length restrictions, or require words that aren't found in the dictionary. In a changing world where our Internet passwords protect an uncanny amount of information, it has become more important to understand why people choose passwords, how to create safe passwords, and how to store the passwords we have created. Dr. Lorrie Cranor, of Carnegie Mellon University, focuses on the human side of computer security and privacy. She studies how people work and use technology and then she and her team apply these findings to create more usable privacy and security solutions. Besides studying passwords, Dr. Cranor is working on tools to help people protect their privacy on social networks, understand privacy policies, avoid falling for phishing attacks, and keep their teenagers safe without invading their privacy. Dr. Cranor has played a key role in building the usable privacy and security research community, having co-edited the seminal book Security and Usability (O'Reilly 2005) and founded the Symposium On Usable Privacy and Security (SOUPS).

Dr. Cranor's goal is to develop scientifically-validated processes and design patterns, and create guidelines that will provide a roadmap for system designers to build systems that are simultaneously usable and secure. At the intersection of several disciplines including human-computer interaction, computer security, privacy, public policy, social science, and engineering, Dr. Cranor hopes to make computer security and privacy easier for users. These interactions influence technology design decisions that, in turn, shape the possibilities for our social and business interactions. Through a multidisciplinary approach to privacy and security research, Dr. Cranor is working to gain a holistic understanding of privacy and security requirements in contexts where tensions exist, and to develop and scientifically validate solutions that address these requirements. Dr. Cranor is frequently invited to Capitol Hill to discuss her research with policy makers including the Federal Trade Commission, the Federal Communications Commission, and Congress. 

Current research includes:

  • Secure Passwords: Dr. Cranor's research group is working on making passwords more secure, without making them hard to remember and use. They are analyzing tens of thousands of passwords created by participants in their studies and collected from leaked password sets, to determine how people create passwords in various contexts. Dr. Cranor and her team are running studies to compare the usability and security of various password policies in order to find those that offer the best balance of security and usability.

  • Privacy Policies: We know that nobody wants to spend time reading lengthy privacy policies filled with legalese, so Dr. Cranor and her team are developing approaches to make privacy policies easier to understand quickly both on websites and in mobile apps. Dr. Cranor developed and tested a "privacy nutrition label" and is now working on privacy plugins for web browsers. She and her team are also developing techniques so that personal web browsers can read privacy policies for users so they don't have to. They have also been studying online trackers and looking for ways to help users understand when they are being tracked and prevent tracking.

  • Teenagers and Parents: Dr. Cranor and her team have been interviewing teenagers and parents of teens to understand how they think about privacy and how they balance the teen's need for privacy and parents' desire to monitor their teens enough to keep them safe. Dr. Cranor wants to build tools to help facilitate communication between teens and parents and provide parents with some awareness of what their teens are doing, while giving teens some privacy.

Lorrie Faith Cranor is a Professor of Computer Science and of Engineering and Public Policy at Carnegie Mellon University where she is director of the CyLab Usable Privacy and Security Laboratory (CUPS) and co-director of the MSIT-Privacy Engineering master's program. She is also a co-founder of Wombat Security Technologies, Inc. She has authored over 100 research papers on online privacy, usable security, and other topics. She has played a key role in building the usable privacy and security research community, having co-edited the seminal book Security and Usability (O'Reilly 2005) and founded the Symposium On Usable Privacy and Security (SOUPS). She also chaired the Platform for Privacy Preferences Project (P3P) Specification Working Group at the W3C and authored the book Web Privacy with P3P (O'Reilly 2002). She has served on a number of boards, including the Electronic Frontier Foundation Board of Directors, and on the editorial boards of several journals. In 2003, she was named one of the top 100 innovators 35 or younger by Technology Review magazine. She was previously a researcher at AT&T-Labs Research and taught in the Stern School of Business at New York University. In 2012-13 she spent her sabbatical year as a fellow in the Frank-Ratchye STUDIO for Creative Inquiry at Carnegie Mellon University where she worked on fiber arts projects that combined her interests in privacy and security, quilting, computers, and technology.

Dr. Cranor is a technologist who is also fascinated by understanding people. She wants to understand how people use technology and design technologies that protect their security and privacy and are easy to use. In addition, she wants to inform public policy decisions related to security and privacy by presenting empirical data. When she graduated in 1996, she joined the research staff at AT&T Labs Research. Dr. Cranor spent most of the next seven years doing privacy-related research. She got involved in a privacy standards project at the World Wide Web Consortium (W3C) and became the working group chair. While working on that project she realized that in order for this standard to be successful, we would need to have good user interfaces for exposing privacy concepts to end users. So Dr. Cranor started focusing her research on usability issues in privacy and security. When she left AT&T in 2003 and joined the CMU faculty, she started a research lab focused on usable privacy and security. 

Aside from her research, Dr. Cranor enjoys quilting in her free time. She first began quilting as a graduate student and has since created many beautiful quilts, including some inspired by her research, that have been featured in magazines and museum exhibits. In addition, she balances the role of researcher, professor, and mother of three. Lastly, Dr. Cranor recently started an adult women's soccer league for women who want to learn to play soccer!

Website: http://lorrie.cranor.org

Montgomery Blair High School Magnet Foundation Distinguished Alumni Award, 2014

Symposium On Usable Privacy and Security Distinguished Paper Award, 2013

Information Systems Society and Information Systems Research Best Published Paper Award, 2012

Recognized as a Privacy by Design Ambassador by the Information and Privacy Commissioner, Ontario, Canada, 2012

Technology Review Top 100 Innovator 35 or Younger, 2003

ACM Fellow, 2014

"For contributions to research and education in usable privacy and security"

Patent

Norman Sadeh-Koniecpol, Paul Hankes Drielsma, Lorrie Faith Cranor, and Patrick Kelley. US Patent 8,423,483 User-controllable learning of policies. Issued April 16, 2013.