Lujo Bauer is a professor in the Electrical and Computer Engineering Department and in the Institute for Software Research at Carnegie Mellon University. He received his B.S. in Computer Science from Yale University in 1997 and his Ph.D. in Computer Science from Princeton University in 2003.

Bauer's research interests span many areas of computer security and privacy, and include building usable access-control systems with sound theoretical underpinnings, developing languages and systems for run-time enforcement of security policies on programs, and generally narrowing the gap between a formal model and a practical, usable system. His recent work focuses on developing tools and guidance to help users stay safer online, and in examining how advances in machine learning can lead to a more secure future.

Bauer served as the program chair for the flagship computer security conferences of the IEEE (S&P 2015) and the Internet Society (NDSS 2014) and is an associate editor of ACM Transactions on Information and System Security.

2203 Collaborative Innovation Center
Google Scholar
Lujo Bauer
Lujo Bauer's website

Helping Users Manage Online Data

On the Future of AI


2003 Ph.D., Computer Science, Princeton University

1999 MA, Computer Science, Princeton University

1997 BS, Computer Science, Yale University


Media mentions

CyLab Security and Privacy Institute

Cisco announces strategic partnership with Carnegie Mellon CyLab

The mission of Cisco Research, the research arm of multinational tech leader Cisco Systems, is to foster research collaborations with “the best university researchers in the field.” Thus, the company has announced a new partnership with Carnegie Mellon University CyLab.

CyLab Security and Privacy Institute

Study explores tensions between IoT device owners and “incidental users”

A team of CyLab researchers conducted a study exploring the tensions that may arise between device owners and incidental users, who may or may not be comfortable as incidental users.

CyLab Security and Privacy Institute

CyLab researchers awarded MURI grant to study human-bot teams

Lujo Bauer, Matt Fredrikson, and Cleotilde Gonzalez are part of a team of researchers that was named a winner of a prestigious US Department of Defense (DoD) Multidisciplinary University Research Initiative (MURI) Award.

CyLab Security and Privacy Institute

Third round of Secure and Private IoT Initiative funded projects announced

Carnegie Mellon CyLab’s Secure and Private IoT Initiative (IoT@CyLab) has announced its third round of funding, which will support 12 Internet of Things (IoT)-related projects for one year.

Dark Reading

Bauer, Cranor, and Christin quoted on password security

CyLab’s Lujo Bauer, Nicolas Christin, and Lorrie Cranor were quoted on Dark Reading on their password research.

CyLab Security and Privacy Institute

Finally: a usable and secure password policy backed by science

After nearly a decade of studies, the passwords research group in Carnegie Mellon’s CyLab Security and Privacy Institute has developed a policy for creating passwords that maintains balance between security and usability—one backed by hard science.

CyLab Security and Privacy Institute

Three CyLab papers presented at the FTC’s PrivacyCon 2020

Three CyLab papers were presented at this year’s PrivacyCon, focusing on privacy and security nutrition labels, making privacy choices easier, and perceptions of advanced video analytics.


Bauer on password safety

CyLab/ECE’s Lujo Bauer was quoted in a Forbes article about the importance of creating safe, unique passwords. “Reusing the same or a slightly changed password across accounts is a huge source of risk,” he said.

The Wall Street Journal

Bauer quoted on data privacy

CyLab/ECE’s Lujo Bauer was quoted in The Wall Street Journal on a new messaging app called Signal.

Fox News

Bauer quoted on password security

CyLab’s Lujo Bauer was quoted in Fox News on how users can keep their accounts safe using passwords.

CyLab Security and Privacy Institute

After a breach, users rarely change their passwords, and when they do, they’re often weaker

A recent study authored by CyLab researchers shows that only a minority of people change their passwords after a security breach, and those that do often change them to weaker ones.

CyLab Security and Privacy Institute

Passwords research group awarded the 2020 Allen Newell Award for Research Excellence

A group of CyLab faculty and graduate students were just awarded the Allen Newell Award for Research Excellence for their contributions from a decade of passwords research.