Lorrie Faith Cranor studied thousands of real passwords to figure out the surprising, very common mistakes that users — and secured sites — make to compromise security. There are now lists on the internet that give common passwords posted by hackers, so how, you may ask, did she study thousands of real passwords without compromising the security of any users? That’s a story in itself. It’s secret data worth knowing, especially if your password is 123456 …

Why you should listen:

Cranor plays a key role in building the usable privacy and security research community, having co-edited the seminal book Security and Usability and founded the Symposium On Usable Privacy and Security (SOUPS). She also chaired the Platform for Privacy Preferences Project (P3P) Specification Working Group at the W3C and authored the book Web Privacy with P3P. She has served on a number of boards, including the Electronic Frontier Foundation Board of Directors, and on the editorial boards of several journals. In 2003 she was named one of the top 100 innovators 35 or younger by Technology Review.

Who is she:

Lorrie Faith Cranor is an Associate Professor of Computer Science and of Engineering and Public Policy at Carnegie Mellon University, where she is director of the CyLab Usable Privacy and Security Laboratory (CUPS) and co-director of the MSIT-Privacy Engineering masters program. She is also a co-founder of Wombat Security Technologies, Inc. She has authored over 100 research papers on online privacy, usable security, phishing, spam, electronic voting, anonymous publishing, and other topics.


  1. Do you have multiple passwords for multiple sites?
  1. CMU – in this case Carnegie Mellon University went to a policy of requiring at least eight characters long, with an uppercase letter, lowercase letter, a digit, a symbol, you couldn’t use the same character more than three times, and it wasn’t allowed to be in a dictionary. Does your password meet this standard?
  1. For computer password use what does the term “entropy” mean?
  1. Cranor found that at every level the problem with password data was____________?
  1. Because there was no good data at the start of her study she first paid people to create a password using _________ _________ .
  1. It would appear that a short sentence, meaningful only to you, and not reused for each new site is the password that is most effective.         T          F

What’s wrong with your Password? with Lorrie Faith Cranor


1 Comment

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>