Cybersecurity expert to speak at annual Krause Lecture in Science

Lorrie Cranor photo

It's almost impossible not to hear or read something about cybersecurity these days, and issues related to it are on the rise.

The 2018 Ellis L. and Jennie Mae Krause Lecture in Science at Marietta College will focus on “What’s wrong with your pa$$word?” as Dr. Lorrie Cranor delivers the address at 7 p.m., Tuesday, April 10th, in the Alma McDonough Auditorium.

The lecture is free and open to the public.

Cranor is the FORE Systems Professor of Computer Science and of Engineering and Public Policy at Carnegie Mellon University, where she is director of the CyLab Usable Privacy and Security Laboratory (CUPS).

“Users struggle to follow complicated password rules, and often reuse their passwords or add digits and special characters in predictable places, resulting in weak passwords,” Cranor said. “In our research at Carnegie Mellon University, we seek to advance understanding of the factors that make following password policies difficult, collect empirical data on password strength and memorability under various password policies, and propose password policy guidelines to  maximize security and usability of passwords simultaneously."

Cranor, who is also the associate department head of the Engineering and Public Policy Department and co-director of the MSIT- Privacy Engineering master’s program at Carnegie Mellon, said the research group has conducted a series of online studies in which they asked tens of thousands of people to create passwords that comply with specific password policies. From that, they developed an efficient method for calculating how effectively several password-guessing algorithms guess passwords and used it to analyze leaked password sets, passwords created for the studies, and the single-sign-on passwords used by over 25,000 faculty, staff, and students at Carnegie Mellon.

“We investigated a variety of password policies, including those with requirements on length and types of characters, as well as those that use passphrases and password meters,” she said. “We studied user perceptions of password security and developed an open source password meter based on our research. In this talk, I will discuss our passwords research and highlight some of our most interesting findings. I’ll also describe ways attackers crack passwords and what you can do to prevent your passwords from being compromised.”

In 2016, Cranor served as Chief Technologist at the U.S. Federal Trade Commission. She is also a co-founder of Wombat Security Technologies, Inc., a security awareness training company. She is a fellow of the ACM and IEEE and a member of the ACM CHI Academy.​