As of 4 August 2017, the way Cameo vets your password has changed.

Previously, like a lot of sites, there was an attempt to get you to use a strong password with a complicated rule involving special characters etc.

Now however, it just has to be long enough (8 characters) and, crucially, not compromised anywhere known about on the web. This means you can use your favourite method of choosing a password, such as combining several lower case words, and not fall foul of password rules.

However, there have been numerous cases where websites have leaked large numbers of their customers’ passwords, and we now check against a database of such passwords. If we find your choice there, we will not allow it. It is probably quite common. And, even if not, if we know it’s been leaked by someone else, so do the bad guys, and they can use it to try to compromise your login.

This list also contains pretty much all dictionary words, so just a single word would not usually be allowed. People use dictionaries to attempt to decode lists of stolen passwords.

Cameo’s raison d’être is to store other people’s personal data, so it’s important to take your login security seriously – you owe it to the people whose data is being stored. So:

  • do choose a strong password
  • don’t use the same password you use on any other website or for anything else
  • turn on two factor authentication in your profile
  • consider using a password manager, such as lastpass or 1password

If you want to change your existing Cameo password, follow the reset password link in your profile (and turn two factor authentication back on again afterwards).

Checking your password uses a secure channel which does not expose the password to the checking service, which is kindly provided by security guru Troy Hunt.