Usability

In order for security and privacy tools to work, they must be easily and intuitively usable—by everyone. With research spanning from developing tools that enable users to create strong and memorable passwords to automatically summarizing long, verbose privacy policies into readable, digestible chunks, Carnegie Mellon University CyLab researchers are focusing on ways to make security and privacy not feel like a hard task for users, but an easy, enjoyable experience.

People

Learn who at CyLab is working in usability and human behavior.

Subtopics

We have researchers working in the following subtopics of applications of security and privacy. Check out each of their research:

Related news

Less is not more; Mapping a better route to user ad settings

For users looking to change their privacy settings on websites like Facebook, it often feels like a scavenger hunt. Now, researchers from Carnegie Mellon and the University of Michigan are exploring design options to make settings related to advertising preferences more findable.

Cookie consent banners need improvement, may not be the answer

Over the past several years, websites have begun implementing cookie consent banners to meet regulatory requirements, allowing users to make choices about how their personal information is collected and shared. However, CyLab researchers say many of these banners miss the mark and may not be the best way to offer users privacy options.

CyLab icon connects users with online privacy choices

Have you noticed the new icon popping up on websites across the Internet? Thanks to researchers at Carnegie Mellon’s CyLab Security and Privacy Institute, the University of Michigan, and Fordham University, users can now easily make choices about how websites use their personal information, all in one convenient spot.

CyLab proposes improved, consumer-friendly broadband “nutrition” labels

CyLab researchers have conducted a large-scale user study of more than 2,500 participants, uncovering the information most important to consumers shopping for broadband internet service and determining what terminology and presentation formats make this information most understandable and useful.

Usable but not understood: a case study on chatbots and HIPAA

Achieving consent online is a challenge. Throw that into the context of healthcare, and it becomes enormously challenging. A new study by CyLab's Sarah Pearman takes a deep dive.

Cookie consent notices are actually unusable, according to science

A new study by CyLab researchers shows just how truly unusable cookie consent interfaces are.

Lorrie Cranor receives honorary doctorate

Cranor received the honorary degree "for her relentless pursuit of making privacy and security usable..."

CyLab researchers investigate Apple’s privacy labels

Roughly a year after Apple rolled out its privacy label requirements, CyLab researchers have gained a comprehensive look at the state of iOS privacy labels.

See More Stories

Why should we use password managers? We asked a security researcher.

The most common passwords in 2021 were (1) 123456, (2) 123456789, and (3) qwerty. We sat down with a CyLab researcher to better understand why password managers are such useful tools in securing our accounts, and why more of us should use them.

Eleanor Birrell wants to improve your experience with security and privacy

Gaining a better understanding of how to study users in security contexts is exactly what has brought Birrell to Carnegie Mellon. She began a 12-month sabbatical with CyLab this Fall.

Avoid a privacy nightmare with “Lean Privacy Review”

CyLab researchers have developed a fast, cheap, and easy-to-access method to catch privacy issues early in a system’s development process.

CyLab names 2021 Presidential Fellows

Four high-achieving CyLab Ph.D. students pursuing security and/or privacy-related research have been awarded CyLab Presidential Fellowships.

Two CyLab papers presented at the FTC’s PrivacyCon 2021

The FTC selected fewer than 20 papers to be presented at this year’s PrivacyCon, and two of them were written by CyLab researchers.

One size does not fit all when managing data practices on the web

A new study by Carnegie Mellon University CyLab researchers aimed to learn about users' awareness of data practices, how they felt about them, and how much control they perceived to have over them.

Misconceptions plague security and privacy tools

According to a new study out of CyLab, people hold a myriad of misconceptions about the security and privacy tools out there meant to help protect our privacy and online security.

CyLab researchers shine at PEPR 2021

More than 500 people gathered virtually at last week’s PEPR conference, perhaps the largest gathering of privacy engineers ever.

How to teach about privacy… using “potty talk”

Lorrie Cranor believes that bathrooms—these very intimate spaces for people of all ages—are surprisingly useful for conveying concepts related to both privacy and usability.

CyLab’s IoT security and privacy label effectively conveys risk, study finds

The study, presented at this week’s IEEE Symposium on Security and Privacy, helps bridge the gap between experts’ knowledge and consumers’ understanding of privacy and security risks.

CyLab researchers develop new guidance for designing privacy choices

In a new study presented at this week’s ACM CHI conference, CyLab researchers outlined a set of standards and taxonomy to help alleviate the void in guidance that still leaves privacy choices muddied for users.

CMU-Africa and CyLab aim to improve financial inclusion in emerging economies

Carnegie Mellon University (CMU) CyLab and CMU-Africa have established the CyLab-Africa initiative, which aims to improve the cybersecurity of financial systems in Africa and other emerging economies.

Phishing, fairness, and more: CyLab’s 2021 seed funding awardees

Over $350K in seed funding has been awarded to 14 different faculty and staff in seven different departments across three colleges at CMU.

How CyLab researchers are safeguarding digital transactions

A new programming language developed by CyLab Ph.D. student Ankush Das aims to reduce the number of errors made in smart contracts.

What if opting out of data collection were easy?

Recent work by researchers in Carnegie Mellon University CyLab has shown that it is possible to use machine learning techniques to automatically extract and classify some of these opt-out choices, and introduces a new, handy browser extension.

CyLab researchers design privacy icon to be used by California law

The state of California has proposed an official icon to include next to opt-out text—a blue stylized toggle icon developed by researchers from Carnegie Mellon University’s CyLab and the University of Michigan’s School of Information. Users may begin seeing the new stylized icon at the bottom of websites’ footers early next year.

App and infrastructure alert users about data collection around them

The IoT Assistant app and digital infrastructure, developed by researchers in Carnegie Mellon University’s CyLab, paves the way for people to take control of their privacy amid the booming Internet of Things.

Lorrie Cranor named AAAS Fellow Opens in new window

Lorrie Cranor has been named a Fellow of the American Association for the Advancement of Science (AAAS) for her contributions to usable privacy and security research, policy, and education.

Cyber defense is an art in human deception

CyLab's Coty Gonzalez and her research group presented two studies on cyber deception at this week’s Human Factors and Ergonomics Society annual meeting. CyLab director Lorrie Cranor gave the meeting’s keynote talk.

Ads may not provide benefits companies say they do

A recent study by researchers in Carnegie Mellon University’s CyLab and Heinz College tests claims by the advertising industry that online ads help consumers find better, cheaper products faster.

Home automation rules are more risky and less risky than we thought

A recent CyLab study found that previous risks in home automation rules aren’t as dangerous in reality as once thought, but new threats were identified.

Simple “nudges” can encourage people to use a safer payment method

A team of CyLab researchers have found two forms of "nudging" that can successfully convince people to start using mobile payment, which is more secure than paying with a credit card at a point-of-sale terminal.

CyLab names 2020 Presidential Fellows

Seven Ph.D. students pursuing security and/or privacy research will receive 2020 CyLab Presidential Fellowships.

Three CyLab papers presented at the FTC’s PrivacyCon 2020

Three CyLab papers were presented at this year’s PrivacyCon, focusing on privacy and security nutrition labels, making privacy choices easier, and perceptions of advanced video analytics.

Shedding light (and sound) on hidden IoT devices in your next hotel room

In a new study, a team of CyLab researchers explored different locator designs to make IoT devices seem a little less hidden.

Research paper Opens in new window

How much control are people willing to grant to a personal privacy assistant?

In a new study presented at the CHI 2020 conference, CyLab researchers sought to find out how much autonomy people would feel comfortable giving to a personalized privacy assistant.

Research paper Opens in new window

Privacy perceptions of contact-tracing apps

Researchers at Carnegie Mellon University examined user preferences on six different contact-tracing app designs after explaining the risks and benefits of each option.

Finding privacy choices on websites is hard for average users.

In a study presented at this year's ACM CHI conference, CyLab researchers show precisely how difficult it is for average users to access privacy choices online.

Research paper Opens in new window

Research paper Opens in new window

IoT labels will help consumers figure out which devices are spying on them

A team of CyLab researchers have developed a prototype security and privacy “nutrition label” that performed well in user tests. To develop the label, the team consulted with a diverse group of 22 security and privacy experts across industry, government, and academia.

Research paper Opens in new window

After a breach, users rarely change their passwords, and when they do, they’re often weaker

A recent study authored by CyLab researchers shows that only a minority of people change their passwords after a security breach, and those that do often change them to weaker ones.

Passwords research group awarded the 2020 Allen Newell Award for Research Excellence

A group of CyLab faculty and graduate students were just awarded the Allen Newell Award for Research Excellence for their contributions from a decade of passwords research.

Online status indicators during a pandemic: do they work?

People working from home have been using online status indicators to check whether their co-workers are available, but recent CyLab research shows that these indicators lead to some strange behaviors.

Research paper Opens in new window

Q&A with Lujo Bauer

Many Americans are entering their fifth of working remotely, which has resulted in new paradigms in their own and their employers’ cybersecurity and privacy. CyLab's Lujo Bauer has been monitoring the situation.

Q&A with Lorrie Cranor

As COVID-19 continues to spread around the world, CyLab director Lorrie Cranor says there are number issues related to privacy and cybersecurity that people need to be aware of.

Sharing accounts in the workplace is a mess

In a new study, CyLab researchers found that people in the workplace are sharing accounts like Facebook, Google, and company email accounts for a variety of reasons. The way they share these accounts could lead to mishaps.

This new tool for developers can help preserve app users’ privacy

A team of CyLab researchers created a tool that nudges developers to think a bit harder about user privacy when coding data requests.

Why people (don’t) use password managers effectively

A recent study by a team of CyLab researchers, including Pearman, provides some insight into how ineffectively people may be using password managers, potentially nullifying the benefits the managers are meant to provide.

Opting out of data use is hard, but it doesn’t have to be

A recent study by researchers from Carnegie Mellon University and the University of Michigan found that while many websites share users' browsing data with advertisers, it is difficult for users to figure out how to prevent this practice.

Security and privacy need to be easy

In 2005, Carnegie Mellon hosted a first-of-its-kind conference that brought together researchers from dozens of universities and companies around the world with one mission: make privacy and security tools easier to use. That conference, the Symposium On Usable Privacy and Security (SOUPS), is holding its 15th annual meeting next month. SOUPS, as well as the entire usable privacy and security field, have deep roots at CMU.

NSF awards $1.2M to create a digital assistant to answer people’s privacy questions

The National Science Foundation (NSF) has awarded a $1.2 million grant to a team of researchers from Carnegie Mellon University, Fordham University, and Penn State University to develop a tool—a “privacy assistant”—that will allow users to simply ask questions about the privacy issues that matter to them.

BUYER UNAWARE: Security and privacy rarely considered before buying IoT devices

In a study presented at the ACM CHI conference in Glasgow earlier this month, researchers from Carnegie Mellon University’s CyLab found that security and privacy risks may not be on the list of considerations when consumers purchase new IoT devices.

Blame the tech, not the users

A recent study led by researchers in Carnegie Mellon University’s CyLab found that when a personal device has fallen victim to some sort of cyberattack, users often misdiagnose what exactly is going on–but they’re not the ones to blame.

Related Article Opens in new window

Your smart home may soon have a smarter way to pair your devices

"Do you feel what I hear?" That’s a phrase that devices in smart homes may be asking each other in the future as a way to pair themselves without any assistance.

What happens when you deploy 2-factor authentication at a university?

“It’s not actually that horrible,” one survey respondent said about using a security feature called 2-factor authentication (2FA) to access their Carnegie Mellon account.

CyLab’s Lorrie Cranor and her student Blase Ur win top SIGCHI awards

Lorrie Cranor, a professor in the Institute for Software Research and the Department of Engineering and Public Policy, is this year’s recipient of the Social Impact Award from the Association for Computing Machinery Special Interest Group on Computer Human Interaction (SIGCHI). Cranor’s former Societal Computing Ph.D. student Blase Ur won the group’s Outstanding Dissertation Award.

Researchers unveil new password meter Opens in new window

Researchers from Carnegie Mellon University and the University of Chicago have just unveiled a new, state-of-the-art password meter that offers real-time feedback and advice to help people create better passwords.

Cranor stresses the need to test privacy policies Opens in new window

Ten years ago, CyLab graduate student Aleecia McDonald walked into Lorrie Cranor’s office and asked, “What would happen if everybody read all of the privacy policies on all of the websites they visit?”

CyLab’s Manuel Blum advises: “Never memorize passwords. Compute them.”

Manuel Blum presented his ideas on password-computing algorithms at the USENIX Enigma Conference in Oakland, California.

Watch the Video Opens in new window

Explore Other Research Topics