In order for security and privacy tools to work, they must be easily and intuitively usable—by everyone. With research spanning from developing tools that enable users to create strong and memorable passwords to automatically summarizing long, verbose privacy policies into readable, digestible chunks, CyLab researchers are focusing on ways to make security and privacy feel not like a hard task for users but like an easy, enjoyable experience.
- access control and authorization
- authentication and passwords
- privacy engineering
- security and privacy economics
- security education, awareness, and training
- security policy and regulation
- social networks security and privacy
- usable privacy and security
Usability @ CyLab
BUYER UNAWARE: Security and privacy rarely considered before buying IoT devices
Blame the tech, not the users
When a personal device has fallen victim to some sort of cyberattack, users often misdiagnose what exactly is going on. But they’re not the ones to blame. Those are the conclusions of a recent study led by researchers in Carnegie Mellon University’s CyLab.
Your smart home may soon have a smarter way to pair your devices
"Do you feel what I hear?" That’s a phrase that devices in smart homes may be asking each other in the future as a way to pair themselves without any assistance. CyLab researcher Jun Han presented a study titled "Do You Feel What I Hear? Enabling Autonomous IoT Device Pairing using Different Sensor Types" at the IEEE Security & Privacy Symposium in San Francisco.
What happens when you deploy 2-factor authentication at a university?
A team of CyLab researchers surveyed people's perceptions of 2FA as it was deployed at Carnegie Mellon, requiring anyone on CMU's payroll accessing their accounts to enter their password (factor 1) and confirm that they are the ones currently accessing their account using an app on their smartphone (factor 2).
CyLab’s Lorrie Cranor and her student Blase Ur win top SIGCHI awards
Lorrie Cranor, a professor in the Institute for Software Research and the Department of Engineering and Public Policy, is this year’s recipient of the Social Impact Award from the Association for Computing Machinery Special Interest Group on Computer Human Interaction (SIGCHI). Cranor’s former Societal Computing Ph.D. student Blase Ur won the group’s Outstanding Dissertation Award.
You added ‘!’ or ‘1’ to your password, thinking this made it strong. Science says no.
CyLab’s Lorrie Cranor, Nicolas Christin, Lujo Bauer, and their former students Blase Ur and Michelle Mazurek authored an article on their password research. The authors share ways that users can create stronger passwords, based on their research findings. Their recommendations include making your passwords at least 12 characters long and avoiding names of people, pets, places you've lived, and common words or phrases.
Cranor stresses the need to test privacy policies
At Enigma 2017, Lorrie Cranor stressed the importance of administering user testing on all privacy policies to ensure that users notice and understand them.
Manuel Blum advises: “Never memorize passwords. Compute them.”
“I never memorize passwords,” says Manuel Blum, a Turing Award-winning faculty member in CyLab and a professor in the School of Computer Science at Carnegie Mellon University. “I may go to Amazon.com every other day, but I do not know my Amazon password. When I need it, I compute it.” Blum presented his ideas on password-computing algorithms at the USENIX Enigma Conference in Oakland, California.