
CyberWire Daily
Lorrie Cranor: Why Security Fails Real People [Afternoon Cyber Tea]
Dec 31, 2025
Dr. Lorrie Cranor, a leading researcher in usable security and the Director of the CyLab Security and Privacy Institute, joins Ann Johnson from Microsoft. They delve into why security tools often fail users, highlighting the disconnect between security design and real-world usability. Cranor discusses the persistent challenges with passwords, emerging strategies like passkeys, and the evolving expectations of privacy in today’s data-driven world. She emphasizes the need for user-centered design and practical testing to build effective security systems.
AI Snips
Designs Ignore Real User Workflows
- Security teams design controls focused on technical goals and often omit real user workflows.
- Without usability experts partnering with security, tools will regularly fail in practice.
No Perfect Password Replacement Yet
- No single replacement for passwords meets all needs including security, ease, device compatibility, and legacy support.
- Some domain-specific solutions like mobile biometrics work well, but universal password replacement remains elusive.
Prepare Support Before Promoting Passkeys
- Avoid assuming passkeys are inherently user-friendly because current flows confuse many users.
- Educate and prepare support for edge cases like cross-device access before promoting passkeys broadly.
