Carnegie Mellon University

Lorrie Faith Cranor

Lorrie Faith Cranor

FORE Systems Professor, Engineering & Public Policy, and School of Computer Science
Director and Bosch Distinguished Professor in Security and Privacy Technologies, CyLab Usable Privacy and Security Laboratory
Co-director, MSIT-Privacy Engineering Masters Program

Address
CyLab Usable Privacy and Security Laboratory
Carnegie Mellon University
5000 Forbes Avenue
Pittsburgh, PA 15213

Bio

  • Professor, Carnegie Mellon, 2014-present
  • Chief Technologist, US Federal Trade Commission, 2016
  • Associate Professor, Carnegie Mellon, 2008-2014
  • Associate Research Professor, Carnegie Mellon 2003-2008
  • Adjunct Assistant Professor of Information Systems, New York University Stern School of Business, 2003
  • Principal Technical Staff Member, AT&T Labs-Research 2001-2003
  • Senior Technical Staff Member, AT&T Labs-Research 1996-2001

Lorrie Faith Cranor is a Professor of Computer Science and of Engineering and Public Policy at Carnegie Mellon University where she is director of the CyLab Usable Privacy and Security Laboratory (CUPS) and co-director of the MSIT-Privacy Engineering masters program. In 2016 she served as Chief Technologist at the US Federal Trade Commission, working in the office of Chairwoman Ramirez. She is also a co-founder of Wombat Security Technologies, Inc, a security awareness training company. She has authored over 150 research papers on online privacy, usable security, and other topics. She has played a key role in building the usable privacy and security research community, having co-edited the seminal book Security and Usability (O'Reilly 2005) and founded the Symposium On Usable Privacy and Security (SOUPS). She also chaired the Platform for Privacy Preferences Project (P3P) Specification Working Group at the W3C and authored the book Web Privacy with P3P (O'Reilly 2002). She has served on a number of boards, including the Electronic Frontier FoundationBoard of Directors, and on the editorial boards of several journals. In her younger days she was honored as one of the top 100 innovators 35 or younger by Technology Review magazine. More recently she was named an ACM Fellow for her contributions to usable privacy and security research and education, and an IEEE Fellow for her contributions to privacy engineering. She was previously a researcher at AT&T-Labs Research and taught in the Stern School of Business at New York University. She holds a doctorate in Engineering and Policy from Washington University in St. Louis. In 2012-13 she spent her sabbatical as a fellow in the Frank-Ratchye STUDIO for Creative Inquiry at Carnegie Mellon University where she worked on fiber arts projects that combined her interests in privacy and security, quilting, computers, and technology. She practices yoga, plays soccer, and runs after her three children.

Education

  • B.S. (Engineering and Public Policy) 1992, Washington University in St. Louis
  • M.S. (Technology and Human Affairs) 1993, Washington University in St. Louis
  • M.S. (Computer Science) 1996, Washington University in St. Louis M
  • D.Sc. (Engineering and Policy) 1996, Washington University in St. Louis

Research

My research focuses on usable privacy and security. My current projects fall into several overlapping areas: privacy decision making (including applications of P3P), user-controllable security and privacy (including location-sharing privacy and file access control in the home), and usable cyber trust indicators, and and usable and secure passwords. Prior to coming to CMU I did research on P3P, electronic voting, security vulnerabilities in the movie production and distribution proces, and other topics.

Publications

Selected Publications

  1. Pardis Emami-Naeini, Henry Dixon, Yuvraj Agarwal, and Lorrie Faith Cranor. 2019. Exploring How Privacy and Security Factor into IoT Device Purchase Behavior. In CHI Conference on Human Factors in Computing Systems USA, Paper 534, 12 pages. https://dl.acm.org/citation.cfm?id=3300764
  2. Pardis Emami-Naeini, Martin Degeling, Lujo Bauer, Richard Chow, Lorrie Cranor, Mohammad Reza Haghighat, and Heather Patterson. The Influence of Friends and Experts on Privacy Decision Making in IoT Scenarios. The 21st ACM Conference on Computer-Supported Cooperative Work and Social Computing (CSCW '18), Nov 2018. https://dl.acm.org/citation.cfm?id=3274317
  3. Hana Habib, Pardis Emami Naeini, Summer Devlin, Maggie Oates, Chelse Swoopes, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor. User Behaviors and Attitudes Under Password Expiration Policies. Fourteenth Symposium on Usable Privacy and Security (SOUPS 2018), Baltimore, MD, pp. 13-20.  https://www.usenix.org/system/files/conference/soups2018/soups2018-habib-password.pdf
  4. Hana Habib, Jessica Colnago, Vidya Gopalakrishnan, Sarah Pearman, Jeremy Thomas, Alessandro Acquisti, Nicolas Christin, and Lorrie Faith Cranor. Away From Prying Eyes: Analyzing Usage and Understanding of Private Browsing. Fourteenth Symposium on Usable Privacy and Security (SOUPS 2018), Baltimore, MD, pp. 159-175. https://www.usenix.org/system/files/conference/soups2018/soups2018-habib-prying.pdf
  5. Joshua Tan, Lujo Bauer, Joe Bonneau, Lorrie Cranor, Jeremy Thomas, and Blase Ur. Can unicorns help users compare crypto key fingerprints? CHI 2017, Denver, CO, May 6-11, 2017. https://dl.acm.org/citation.cfm?id=3025733

  6. Maggie Oates, Yama Ahmadullah, Abigail Marsh, Chelse Swoopes, Shikun Zhang, Rebecca Balebako, and Lorrie Cranor. Turtles, Locks, and Bathrooms: Understanding Mental Models of Privacy Through Illustration. Proceedings on Privacy Enhancing Technologies, 2018 (4):5–32. [Best student paper award] https://petsymposium.org/2018/files/papers/issue4/popets-2018-0029.pdf

  7. Jessica Colnago, Summer Devlin, Maggie Oates, Chelse Swoopes, Lujo Bauer, Lorrie Cranor, and Nicolas Christin. 2018. “It's not actually that horrible”: Exploring Adoption of Two-Factor Authentication at a University. CHI 2018, Montreal, QC Canada, April 21-26, 2018. https://dl.acm.org/citation.cfm?id=3174030
  8. Sarah Pearman, Jeremy Thomas, Pardis Emami Naeini, Hana Habib, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Serge Egelman, and Alain Forget. Let’s go in for a closer look: Observing passwords in their natural habitat. 24th ACM Conference on Computer and Communications Security (CCS’17). 2017.  https://dl.acm.org/citation.cfm?id=3133956.3133973
  9. Blase Ur, Felicia Alfieri, Maung Aung, Lujo Bauer, Nicolas Christin, Jessica Colnago, Lorrie Faith Cranor, Henry Dixon, Pardis Emami Naeini, Hana Habib, Noah Johnson, and William Melicher. 2017. Design and Evaluation of a Data-Driven Password Meter. CHI 2017. http://dl.acm.org/citation.cfm?id=3026050&CFID=931599301
  10. W. Melicher, B. Ur, S. Segreti, S. Komanduri, L. Bauer, N. Christin, L. Cranor. Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks. USENIX Security, August 10-12, 2016, Austin, TX. https://www.ece.cmu.edu/~lbauer/papers/2016/usenixsec2016-neural-passwords.pdf
  11. B. Ur, J. Bees, S. Segreti, L. Bauer, N. Christin, and L. F. Cranor. CHI'16. Do users' perceptions of password security match reality? http://www.ece.cmu.edu/~lbauer/papers/2016/chi2016-pwd-perceptions.pdf
  12. F. Schaub, R. Balebako, A. Durity, and L. Cranor. A Design Space for Effective Privacy Notices. SOUPS 2015. https://www.usenix.org/system/files/conference/soups2015/soups15-paper-schaub.pdf
  13. R. Shay, L. Bauer, N. Christin, L. Cranor, A. Forget, S. Komanduri, M. Mazurek, W. Melicher, S. Segreti, and B. Ur. A Spoonful of Sugar? The Impact of Guidance and Feedback on Password-Creation Behavior. CHI 2015. http://cups.cs.cmu.edu/rshay/pubs/Feedback.pdf
  14. Chandrasekhar Bhagavatula, Blase Ur, Kevin Iacovino, Su Mon Kywe, Lorrie Faith Cranor, Marios Savvides. Biometric Authentication on iPhone and Android: Usability, Perceptions, and Influences on Adoption. USEC 2015, February 8, 2015. http://www.internetsociety.org/doc/biometric-authentication-iphone-and-android-usability-perceptions-and-influences-adoption
  15. F. Schaub, R. Balebako, A. Durity, and L. Cranor. Designing Effective Privacy Notices. SOUPS 2015. https://www.usenix.org/conference/soups2015/proceedings/presentation/schaub
  16. B. Ur, F. Noma, J. Bees, S. Segreti, R. Shay, L. Bauer, N. Christin, and L. Cranor. "I Added '!' at the End to Make It Secure": Observing Password Creation in the Lab. SOUPS 2015. https://www.usenix.org/conference/soups2015/proceedings/presentation/ur
  17. Saranga Komanduri, Richard Shay, Lorrie Faith Cranor, Cormac Herley, and Stuart Schechter. Telepathwords: Preventing Weak Passwords by Reading Users' Minds. USENIX Security 2014. August 20-22, 2014, San Diego, CA, pp. 591-606. https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/komanduri
  18. L. Cranor, A. Durity, A. Marsh, and B. Ur. Parents' and Teens' Perspectives on Privacy in a Technology-Filled World. SOUPS 2014.  https://www.usenix.org/conference/soups2014/proceedings/presentation/cranor
  19. C. Bravo-Lillo, L. Cranor, S. Komanduri, S. Schechter, M. Sleeper. Harder to Ignore? Revisiting Pop-Up Fatigue and Approaches to Prevent It. SOUPS 2014.  https://www.usenix.org/conference/soups2014/proceedings/presentation/bravo-lillo
  20. Richard Shay, Saranga Komanduri, Adam L. Durity, Philip (Seyoung) Huh, Michelle L. Mazurek, Sean M. Segreti, Blase Ur, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor. Can long passwords be secure and usable? In CHI 2014: Conference on Human Factors in Computing Systems, April 2014. ACM.  http://lorrie.cranor.org/pubs/longpass-chi2014.pdf
  21. Y. Wang, P. Leon, A. Acquisti, L.F. Cranor, A. Forget, N. Sadeh. A Field Trial of Privacy Nudges for Facebook. ACM SIGCHI Conference on Human Factors in Computing Systems (CHI2014).  http://yangwang.syr.edu/papers/CHI2014.pdf
  22. M.L. Mazurek, S. Komanduri, T. Vidas, L. Bauer, N. Christin, L.F. Cranor, P.G. Kelley, R. Shay, and B. Ur. Measuring Password Guessability for an Entire University. ACM CCS 2013.  https://www.cylab.cmu.edu/research/techreports/2013/tr_cylab13013.html
  23. C. Bravo-Lillo, L.F. Cranor, J. Downs, S. Komanduri, R.W. Reeder, S. Schechter, and M. Sleeper. Your Attention Please: Designing security-decision UIs to make genuine risks harder to ignore. In Proceedings of the Eight Symposium On Usable Privacy and Security (SOUPS ’13), Newcastle, United Kingdom, 2013.  http://cups.cs.cmu.edu/soups/2013/proceedings/a6_Bravo-Lillo.pdf
  24. P.G. Leon, B. Ur, Y. Wang, M. Sleeper, R. Balebako, R. Shay, L. Bauer, M. Christodorescu, L.F. Cranor. What Matters to Users? Factors that Affect Users' Willingness to Share Information with Online Advertisers. In Proceedings of the Eight Symposium On Usable Privacy and Security (SOUPS ’13), Newcastle, United Kingdom, 2013.  http://cups.cs.cmu.edu/soups/2013/proceedings/a7_Leon.pdf
  25. B. Ur, P.G. Kelley, S. Komanduri, J. Lee, M. Maass, M. Mazurek, T. Passaro, R. Shay, T. Vidas, L. Bauer, N. Christin, and L.F. Cranor. How does your password measure up? The effect of strength meters on password creation. USENIX Security 2012.  http://www.ece.cmu.edu/~lbauer/papers/2012/usenix2012-meters.pdf
  26. P. Klemperer, Y. Liang, M. Mazurek, M. Sleeper, B. Ur, L. Bauer, L.F. Cranor, N. Gupta, and M. Reiter. Tag, You Can See It! Using Tags for Access Control in Photo Sharing. CHI 2012.  http://www.ece.cmu.edu/~lbauer/papers/2012/chi2012-tags.pdf
  27. L.F. Cranor. Necessary But Not Sufficient: Standardized Mechanisms for Privacy Notice and Choice. Journal of Telecommunications and High Technology Law, Vol. 10, No. 2, 2012.  http://www.jthtl.org/content/articles/V10I2/JTHTLv10i2_Cranor.PDF

Secretary:

Tiffany M. Todd - (412) 268-6367