Lorrie Faith Cranor is the Director and Bosch Distinguished Professor in Security and Privacy Technologies of CyLab and the FORE Systems Professor of Computer Science and of Engineering and Public Policy at Carnegie Mellon University. She also directs the CyLab Usable Privacy and Security Laboratory (CUPS) and co-directs the MSIT-Privacy Engineering masters program. In 2016 she served as Chief Technologist at the US Federal Trade Commission, working in the office of Chairwoman Ramirez. She is also a co-founder of Wombat Security Technologies, Inc, a security awareness training company that was acquired by Proofpoint.

She has authored more than 200 research papers on online privacy, usable security, and other topics. She has played a key role in building the usable privacy and security research community, having co-edited the seminal book Security and Usability (O'Reilly 2005) and founded the Symposium On Usable Privacy and Security (SOUPS). She also chaired the Platform for Privacy Preferences Project (P3P) Specification Working Group at the W3C and authored the book Web Privacy with P3P (O’Reilly 2002). She has served on a number of boards and working groups, including the Electronic Frontier Foundation Board of Directors, the Computing Research Association Board of Directors, the Aspen Institute Cybersecurity Group, and on the editorial boards of several journals.

In her younger days she was honored as one of the top 100 innovators 35 or younger by Technology Review magazine. More recently she was elected to the ACM CHI Academy, named an ACM Fellow for her contributions to usable privacy and security research and education, and named an IEEE Fellow for her contributions to privacy engineering. She has also received an Alumni Achievement Award from the McKelvey School of Engineering at Washington University in St. Louis, the 2018 ACM CHI Social Impact Award, the 2018 International Association of Privacy Professionals Privacy Leadership Award, and (with colleagues) the 2018 IEEE Cybersecurity Award for Practice.

She was previously a researcher at AT&T-Labs Research and taught in the Stern School of Business at New York University. She holds a doctorate in Engineering and Policy from Washington University in St. Louis. In 2012-13 she spent her sabbatical as a fellow in the Frank-Ratchye STUDIO for Creative Inquiry at Carnegie Mellon University where she worked on fiber arts projects that combined her interests in privacy and security, quilting, computers, and technology. She practices yoga, plays soccer, walks to work, and runs after her three children.

2107 Collaborative Innovation Center
Google Scholar
Lorrie Cranor
Lorrie Cranor's website

Online Security and Privacy


1996 Doctor of Science, Engineering and Policy, Washington University

1996 MS, Computer Science, Washington University

1993 MS, Technology and Human Affairs, Washington University

1992 BS, Engineering and Public Policy, Washington University


Media mentions

Ars Technica

Cranor discusses Twitter’s two-factor authentication changes

CyLab Director Lorrie Cranor discusses Twitter changing its two-factor authentication policy.


Cranor quoted by WIRED on Twitter policy change

CyLab Director Lorrie Cranor spoke to WIRED about Twitter's decision to provide only paid users with access to SMS-based two-factor authentication.

National Cybersecurity Alliance

Cranor participates in National Cybersecurity Alliance’s Data Privacy Week event

In celebration of Data Privacy Week, the National Cybersecurity Alliance held a LinkedIn live event to discuss the nuts and bolts of designing a product, business, or society with data privacy in mind. During the event, Lorrie Cranor presented the research behind CyLab’s privacy nutrition labels.

USA Today

Cranor quoted on password managers

CyLab Director Lorrie Cranor tells USA Today that despite LastPass’s December data breach, users should still consider using password managers. “If you adopt a password manager, you don’t have to think about coming up with unique and strong passwords anymore, and you don’t have to figure out how you are going to remember them.”

Consumer Reports

Cranor quoted on digital privacy practices

Consumer Reports reached out to CyLab Director Lorrie Cranor and other privacy experts to find out what they do to safeguard digital privacy in their own lives.

WTAE-TV Pittsburgh

Cranor helps explain record-breaking FTC settlement

'Fortnite' maker Epic Games will pay a record-breaking FTC settlement following U.S. Government allegations that claim the company violated federal children's privacy laws and misled players with deceptive surcharges. CyLab Director Lorrie Cranor helps explain.


Cranor shares tips for keeping personal information secure online

“When you create accounts online, use a different password for every account. That way, if your password gets compromised on one account, the attacker will not be able to break into all your other accounts. Completely random passwords are safest, but they tend to be harder to remember. Write them down in a safe place or use a password manager program.”

CyLab Security and Privacy Institute

CyLab members present research at annual FTC PrivacyCon

CyLab faculty, postdocs, and students presented their research at the FTC’s seventh annual PrivacyCon on November 1.

CyLab Security and Privacy Institute

CyLab proposes improved, consumer-friendly broadband “nutrition” labels

CyLab researchers have conducted a large-scale user study of more than 2,500 participants, uncovering the information most important to consumers shopping for broadband internet service and determining what terminology and presentation formats make this information most understandable and useful.

CyLab Security and Privacy Institute

CyLab presents IoT privacy and security label research at White House summit

Carnegie Mellon University CyLab Security and Privacy Institute took part in the White House’s Internet of Things (IoT) security summit to discuss what’s needed to foster an effective IoT security labeling ecosystem.


Cranor quoted on fine print around Google’s Location History settings and data collection practices

“There’s a lot of fine print when you pause location history. Most people aren’t going to read it, and even if you do, it is confusing. I’m a privacy expert, and I still find it difficult to understand exactly what is getting turned off.”

Pittsburgh Business Times

Cranor featured in 'Personalities of Pittsburgh' series

CyLab Director and professor in CMU's Software and Societal Systems (S3D) and Engineering and Public Policy (EPP) departments, Lorrie Cranor, was featured in the Pittsburgh Business Times 'Personalities of Pittsburgh' series. In the article, she discusses privacy and security, her career path, hobbies, and more.