Skip to main content

Lorrie Cranor

Professor, School of Computer Science and Engineering and Public Policy; Director, CyLab Usable Privacy and Security Lab

[Email]

Lorrie Cranor

Research Areas

Privacy Protection

Cross Cutting Thrusts

Usable Privacy and Security

Biography

Lorrie Faith Cranor is a Professor of Computer Science and of Engineering and Public Policy at Carnegie Mellon University where she is director of the CyLab Usable Privacy and Security Laboratory (CUPS) and co-director of the MSIT-Privacy Engineering masters program. She is also a co-founder of Wombat Security Technologies, Inc. She has authored over 100 research papers on online privacy, usable security, and other topics. She has played a key role in building the usable privacy and security research community, having co-edited the seminal book Security and Usability (O'Reilly 2005) and founded the Symposium On Usable Privacy and Security (SOUPS). She also chaired the Platform for Privacy Preferences Project (P3P) Specification Working Group at the W3C and authored the book Web Privacy with P3P (O'Reilly 2002). She has served on a number of boards, including the Electronic Frontier Foundation Board of Directors, and on the editorial boards of several journals. In 2003 she was named one of the top 100 innovators 35 or younger by Technology Review magazine and in 2014 she was named an ACM Fellow for her contributions to usable privacy and security research and education. She was previously a researcher at AT&T-Labs Research and taught in the Stern School of Business at New York University. In 2012-13 she spent her sabbatical year as a fellow in the Frank-Ratchye STUDIO for Creative Inquiry at Carnegie Mellon University where she worked on fiber arts projects that combined her interests in privacy and security, quilting, computers, and technology. She practices yoga, plays soccer, and runs after her three children.

Education

B.S. (Engineering and Public Policy) 1992, Washington University in St. Louis
M.S. (Technology and Human Affairs) 1993, Washington University in St. Louis
M.S. (Computer Science) 1996, Washington University in St. Louis
D.Sc. (Engineering and Policy) 1996, Washington University in St. Louis

Research Projects

Password-Composition Policies and the Security and Usability of Passwords

Research Area: Privacy Protection
Cross Cutting Thrusts: Usable Privacy and Security
Researchers: Lujo Bauer, Nicolas Christin, Lorrie Cranor

Passwords

Cross Cutting Thrusts: Usable Privacy and Security
Researchers: Lujo Bauer, Lorrie Cranor, Nicolas Christin

Privacy notice and choice in practice

Research Area: Privacy Protection
Cross Cutting Thrusts: Usable Privacy and Security
Researcher: Lorrie Cranor

Secure digital home

Research Area: Secure Home Computing
Cross Cutting Thrusts: Usable Privacy and Security
Researchers: Lujo Bauer, Greg Ganger, Lorrie Cranor

Usable Cyber Trust Indicators

Research Area: Privacy Protection
Cross Cutting Thrusts: Usable Privacy and Security
Researcher: Lorrie Cranor

Improving the Security and Usability of Text Passwords

Cross Cutting Thrusts: Usable Privacy and Security
Researchers: Lorrie Cranor, Lujo Bauer, Nicolas Christin

Privacy Decision-Making

Research Area: Privacy Protection
Cross Cutting Thrusts: Usable Privacy and Security
Researchers: Lorrie Cranor, Alessandro Acquisti

Secure Home Storage

Research Area: Secure Home Computing
Cross Cutting Thrusts: Usable Privacy and Security
Researchers: Lujo Bauer, Lorrie Cranor, Greg Ganger

User-Controllable Security and Privacy for Pervasive Computing

Research Area: Privacy Protection | Mobility
Cross Cutting Thrusts: Usable Privacy and Security
Researchers: Norman Sadeh, Jason Hong, Lorrie Cranor, Lujo Bauer

User-Controllable Policy Learning

Research Area: Mobility | Privacy Protection
Cross Cutting Thrusts: Usable Privacy and Security
Researchers: Norman Sadeh, Lorrie Cranor

Privacy Nudging

Research Area: Privacy Protection
Cross Cutting Thrusts: Usable Privacy and Security
Researchers: Alessandro Acquisti, Lorrie Cranor, Norman Sadeh

User Controllable Security & Privacy for Mobile Social Networking

Research Area: Mobility | Privacy Protection
Cross Cutting Thrusts: Usable Privacy and Security
Researchers: Norman Sadeh, Lorrie Cranor, Jason Hong

Securing the Digital Home

Research Area: Secure Home Computing
Cross Cutting Thrusts: Usable Privacy and Security
Researchers: Lujo Bauer, Lorrie Cranor, Greg Ganger, Adrian Perrig

Security Quality Requirements Engineering (SQUARE) Project

Cross Cutting Thrusts: Formal Methods | Software Security
Researchers: Nancy Mead, Lorrie Cranor

Effective Trust Indicators

Research Area: Privacy Protection
Cross Cutting Thrusts: Usable Privacy and Security
Researcher: Lorrie Cranor

Mobile Users Effectively Control Privacy in a Friend-Finder Application

Research Area: Mobility | Privacy Protection
Cross Cutting Thrusts: Usable Privacy and Security
Researchers: Norman Sadeh, Lorrie Cranor, Jason Hong

Computer-Readable Privacy Policies

Cross Cutting Thrusts: Usable Privacy and Security
Researcher: Lorrie Cranor

Supporting Trust Decisions

Researchers: Lorrie Cranor, Norman Sadeh

Publications

"Tracking and Surveillance". L. Cranor, M. Sleeper, and B. Ur, in Introduction to IT Privacy: A Handbook for Technologists IAPP, 2014.

"A field trial of privacy nudges for facebook". Y. Wang, P. G. Leon, A. Acquisti, L. Cranor, A. Forget, and N. Sadeh, in CHI ’14: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, New York, NY, USA: ACM, pp. 2367–2376, 2014.

"Electronic privacy and surveillance". J. P. Hourcade, A. Cavoukian, R. Deibert, L. Cranor, and I. Goldberg, in CHI EA ’14: CHI ’14 Extended Abstracts on Human Factors in Computing Systems, New York, NY, USA: ACM, pp. 1075–1080, 2014.

"Telepathwords: preventing weak passwords by reading users’ minds". S. Komanduri, R. Shay, L. Cranor, C. Herley, and S. Schechter, in SEC’14: Proceedings of the 23rd USENIX conference on Security Symposium, Berkeley, CA, USA: USENIX Association, pp. 591–606, 2014.

"Building the security behavior observatory: an infrastructure for long-term monitoring of client machines".  A. Forget, S. Komanduri, A. Acquisti, N. Christin, L. Cranor, and R. Telang, HotSoS ’14: Proceedings of the 2014 Symposium and Bootcamp on the Science of Security, pp. 1–2, 2014.

"Can Long Passwords Be Secure and Usable?". R. Shay, S. Komanduri, A. Durity, P. Huh, M. Mazurek, S. Segreti, B. Ur, L. Bauer, N. Christin, and L. Cranor, CHI: Conference Proceedings, Conference on Human Factors in Computing Systems, 2014.

"Measuring password guessability for an entire university". Mazurek, M. L., Komanduri, S., Vidas, T., Bauer, L., Christin, N., Cranor, L. F., Kelley, P. G., Shay, R., & Ur, B. (2013). ACM Conference on Computer and Communications Security Proceedings, 173-186.

"Structuring PLFS for Extensibility". Cranor, C., Polte, M., & Gibson, G. (2013).  PDSW '13 Proceedings of the 8th Parallel Data Storage Workshop, 20-26.

"The post anachronism: The temporal dimension of Facebook privacy". Bauer, L., Cranor, L., Komanduri, S., Mazurek, M. L., Reiter, M. K., Sleeper, M., & Ur, B. (2013). Proceedings of the 12th Annual Workshop on Privacy in the Electronic Society. ACM.

"The impact of length and mathematical operators on the usability and security of system-assigned one-time PINs". Kelley, P. G., Komanduri, S., Mazurek, M. L., Shay, R., Vidas, T., Bauer, L., Christin, N., & Cranor, L. (2013). 2013 Workshop on Usable Security (USEC), volume 7862 of Lecture Notes in Computer Science (vol. 7862, pp. 34-51). Springer.