Lorrie Faith Cranor is the Director and Bosch Distinguished Professor in Security and Privacy Technologies of CyLab and the FORE Systems Professor of Computer Science and of Engineering and Public Policy at Carnegie Mellon University. She also directs the CyLab Usable Privacy and Security Laboratory (CUPS) and co-directs the MSIT-Privacy Engineering masters program. In 2016 she served as Chief Technologist at the US Federal Trade Commission, working in the office of Chairwoman Ramirez. She is also a co-founder of Wombat Security Technologies, Inc, a security awareness training company that was acquired by Proofpoint.

She has authored more than 200 research papers on online privacy, usable security, and other topics. She has played a key role in building the usable privacy and security research community, having co-edited the seminal book Security and Usability (O'Reilly 2005) and founded the Symposium On Usable Privacy and Security (SOUPS). She also chaired the Platform for Privacy Preferences Project (P3P) Specification Working Group at the W3C and authored the book Web Privacy with P3P (O’Reilly 2002). She has served on a number of boards and working groups, including the Electronic Frontier Foundation Board of Directors, the Computing Research Association Board of Directors, the Aspen Institute Cybersecurity Group, and on the editorial boards of several journals.

In her younger days she was honored as one of the top 100 innovators 35 or younger by Technology Review magazine. More recently she was elected to the ACM CHI Academy, named an ACM Fellow for her contributions to usable privacy and security research and education, and named an IEEE Fellow for her contributions to privacy engineering. She has also received an Alumni Achievement Award from the McKelvey School of Engineering at Washington University in St. Louis, the 2018 ACM CHI Social Impact Award, the 2018 International Association of Privacy Professionals Privacy Leadership Award, and (with colleagues) the 2018 IEEE Cybersecurity Award for Practice.

She was previously a researcher at AT&T-Labs Research and taught in the Stern School of Business at New York University. She holds a doctorate in Engineering and Policy from Washington University in St. Louis. In 2012-13 she spent her sabbatical as a fellow in the Frank-Ratchye STUDIO for Creative Inquiry at Carnegie Mellon University where she worked on fiber arts projects that combined her interests in privacy and security, quilting, computers, and technology. She practices yoga, plays soccer, walks to work, and runs after her three children.

2107 Collaborative Innovation Center
Google Scholar
Lorrie Cranor
Lorrie Cranor's website

Online Security and Privacy


1996 Doctor of Science, Engineering and Policy, Washington University

1996 MS, Computer Science, Washington University

1993 MS, Technology and Human Affairs, Washington University

1992 BS, Engineering and Public Policy, Washington University


Media mentions

The New York Times

Cranor and Haritos Tsamitis quoted on online privacy

CyLab Director Lorrie Cranor and INI Director Dena Haritos Tsamitis were quoted in The New York Times on privacy while working from home.

CyLab Security and Privacy Institute

Finally: a usable and secure password policy backed by science

After nearly a decade of studies, the passwords research group in Carnegie Mellon’s CyLab Security and Privacy Institute has developed a policy for creating passwords that maintains balance between security and usability—one backed by hard science.

CyLab Security and Privacy Institute

Cyber defense is an art in human deception

CyLab's Coty Gonzalez and her research group presented two studies on cyber deception at this week’s Human Factors and Ergonomics Society annual meeting. CyLab director Lorrie Cranor gave the meeting’s keynote talk.

CyLab Security and Privacy Institute

CyLab releases 2019-2020 Year in Review

CyLab has just released its 2019-2020 Year in Review, which highlights research, talks, papers, and other key events that have occurred in the past twelve months.


Cranor quoted on preventing hackers

CyLab Director Lorrie Cranor was quoted in WTAE on how to prevent hackers in online classrooms.

Kansas Reflector

Cranor quoted on online privacy

CyLab Director Lorrie Cranor was quoted in the Kansas Reflector about online privacy when registering to vote.

Fast Company

Cranor and Habib published on private browsing

CyLab Director Lorrie Cranor and Ph.D. student Hana Habib were published in Fast Company on misconceptions about private online browsing, commonly known as “incognito mode.”

CyLab Security and Privacy Institute

Three CyLab papers presented at the FTC’s PrivacyCon 2020

Three CyLab papers were presented at this year's PrivacyCon, focusing on privacy and security nutrition labels, making privacy choices easier, and perceptions of advanced video analytics.

Consumer Reports

Cranor quoted on iPhone privacy

CyLab Director Lorrie Cranor was quoted in Consumer Reports on Apple’s new privacy features.

CyLab Security and Privacy Institute

How much control are people willing to grant to a personal privacy assistant?

In a new study presented at the CHI 2020 conference, CyLab researchers sought to find out how much autonomy people would feel comfortable giving to a personalized privacy assistant.


CyLab researchers quoted about IoT labels

CyLab Director Lorrie Cranor, CyLab/ISR’s Yuvraj Agarwal, and CyLab’s Pardis Emami-Naeini were quoted in WIRED about the concept of IoT privacy and security “nutrition labels,” which their group has studied extensively.

CyLab Security and Privacy Institute

IoT labels will help consumers figure out which devices are spying on them

A team of CyLab researchers have developed a prototype security and privacy “nutrition label” that performed well in user tests. To develop the label, the team consulted with a diverse group of 22 security and privacy experts across industry, government, and academia.