Lorrie Faith Cranor is the Director and Bosch Distinguished Professor in Security and Privacy Technologies of CyLab and the FORE Systems Professor of Computer Science and of Engineering and Public Policy at Carnegie Mellon University. She also directs the CyLab Usable Privacy and Security Laboratory (CUPS) and co-directs the MSIT-Privacy Engineering masters program. In 2016 she served as Chief Technologist at the US Federal Trade Commission, working in the office of Chairwoman Ramirez. She is also a co-founder of Wombat Security Technologies, Inc, a security awareness training company that was acquired by Proofpoint.

She has authored more than 200 research papers on online privacy, usable security, and other topics. She has played a key role in building the usable privacy and security research community, having co-edited the seminal book Security and Usability (O'Reilly 2005) and founded the Symposium On Usable Privacy and Security (SOUPS). She also chaired the Platform for Privacy Preferences Project (P3P) Specification Working Group at the W3C and authored the book Web Privacy with P3P (O’Reilly 2002). She has served on a number of boards and working groups, including the Electronic Frontier Foundation Board of Directors, the Computing Research Association Board of Directors, the Aspen Institute Cybersecurity Group, and on the editorial boards of several journals.

In her younger days she was honored as one of the top 100 innovators 35 or younger by Technology Review magazine. More recently she was elected to the ACM CHI Academy, named an ACM Fellow for her contributions to usable privacy and security research and education, and named an IEEE Fellow for her contributions to privacy engineering. She has also received an Alumni Achievement Award from the McKelvey School of Engineering at Washington University in St. Louis, the 2018 ACM CHI Social Impact Award, the 2018 International Association of Privacy Professionals Privacy Leadership Award, and (with colleagues) the 2018 IEEE Cybersecurity Award for Practice.

She was previously a researcher at AT&T-Labs Research and taught in the Stern School of Business at New York University. She holds a doctorate in Engineering and Policy from Washington University in St. Louis. In 2012-13 she spent her sabbatical as a fellow in the Frank-Ratchye STUDIO for Creative Inquiry at Carnegie Mellon University where she worked on fiber arts projects that combined her interests in privacy and security, quilting, computers, and technology. She practices yoga, plays soccer, walks to work, and runs after her three children.

2107 Collaborative Innovation Center
Google Scholar
Lorrie Cranor
Lorrie Cranor's website

Online Security and Privacy


1996 Doctor of Science, Engineering and Policy, Washington University

1996 MS, Computer Science, Washington University

1993 MS, Technology and Human Affairs, Washington University

1992 BS, Engineering and Public Policy, Washington University


Media mentions

Houston Chronicle

Cranor quoted on talking to teens about social media and body image

CyLab Director Lorrie Cranor was quoted in the Houston Chronicle on how guardians can discuss body image issues and social media with their teenagers.


Cranor quoted on phishing and using caution

CyLab Director Lorrie Cranor was quoted in Yahoo! on phishing and being cautious with holiday deals.

CyLab Security and Privacy Institute

Play a video game, learn cybersecurity skills

“Katalyst” will be featured in this year’s picoCTF, an annual cybersecurity competition for middle and high school students created and run by CyLab.

CyLab Security and Privacy Institute

How does “normal” Internet browsing look today? Now we know.

A new CyLab study aims to capture what “normal” Internet browsing looks like to better understand how people are led to download malicious content, and to come up with ways to prevent that from happening.

CyLab Security and Privacy Institute

Collaboratory to share early research at the Eradicate Hate Global Summit

Next week, the Collaboratory Against Hate - Research and Action Center will be taking part in the inaugural Eradicate Hate Global Summit, a hybrid event focused on exchanging ideas around eradicating hate taking place at the David Lawrence Convention Center in downtown Pittsburgh.

The Next Web

Cranor quoted on secure storage

CyLab Director Lorrie Cranor was quoted by The Next Web about how to keep vaccination information secure on your phone.

Bloomberg Opinion

Cranor quoted on tracking software in kids' phones

CyLab Director Lorrie Cranor was quoted in Bloomberg Opinion on using tracking software in kids’ phones.

Consumers’ Checkbook

Cranor quoted about security threats posed by QR codes

In an article about the rise of the use of QR codes for “touchless interactions” over the course of the COVID-19 pandemic, CyLab Director Lorrie Cranor warned that while QR codes are good for retailers, they also provide malicious hackers with new tools. “Most of the time, the QR code takes you to whatever website you thought you were going to, but sometimes you wind up going to a phishing website or a website that’s full of viruses or malware,” she said.

New York Magazine

Cranor quoted on the importance of using password managers

In an article in New York Magazine about password managers, CyLab Director Lorrie Cranor stressed that password managers are important tools people should use to create strong passwords. “There are a number of excellent password managers out there, and it is more important that people use one than which one they use,” said Cranor.

CyLab Security and Privacy Institute

Undergrads around the nation partake in CyLab research

Roughly a dozen undergraduate students from as many colleges and universities around the country pursued security and/or privacy-focused research projects in this year’s REU program at CMU.

NBC News

Cranor quoted on virtual covid-19 vaccine passports

CyLab Director Lorrie Cranor was quoted in NBC News on privacy and efficacy concerns amongst demands for mandatory virtual Covid-19 Vaccine Passport use in New York.

CyLab Security and Privacy Institute

Two CyLab papers presented at the FTC’s PrivacyCon 2021

The FTC selected fewer than 20 papers to be presented at this year’s PrivacyCon, and two of them were written by CyLab researchers.