Client Gallery Security Best Practices

  • Updated

ShootProof provides several tools to help protect your client photos, and it’s important to know how these tools work together to provide multiple layers of security. 

Secure online client galleries:

  • are Private and accessible only by a direct gallery URL 
  • are password-protected with a strong Password
  • require visitors to enter an email address to view images
  • are shared directly with a Linked Contact with unique download permissions

  In this article:

2-Factor Authentication

Private Gallery URLs

Password protection

Gallery Visitor tracking

Linked Contact privileges

 

2-Factor Authentication

The first step in keeping your galleries secure is to secure your ShootProof Account. 2-Factor Authentication allows you to require an extra login credential, in addition to your username and password, shared through a secure message to your cellphone or a designated app. This feature helps to ensure that only you and your users can gain access to your ShootProof account.  Any time you log in to ShootProof from a new device, you'll be required to enter an authorization code.

Set up two-factor authentication for your username by going to Users & Permissions, then click your username. Click the blue ‘Enable Two-Factor Authentication’ button at the bottom of that page.

 

Private Gallery URLs

Private Galleries are accessible only by the direct link that you share, and will not appear on your ShootProof Portfolio Website. 

To make a Gallery Private, go to Galleries > All Galleries > Actions > Settings > Access & Privacy > Private

To make multiple Galleries Private, go to Galleries > All Galleries > select the Galleries you'd like to make Private > Actions > Bulk Actions > Gallery Access > Private

 

Password Protection

Passwords are an essential tool for protecting your client’s images. While it creates an extra step to access a Gallery, clients appreciate that you take serious measures to protect their images.

A strong password is your best defense against unauthorized access to client galleries. What is a “strong” password? We’ve compiled some best practices:

  • Passwords should not include client or session details. Avoid using client names, dates, and references to session type, such as boudoir.
  • Passwords should be at least 12 characters long. The longer your password is, the better.
  • Passwords should use a combination of uppercase and lowercase letters, numbers, and special symbols. 
  • Passwords should not contain memorable keyboard paths, like 1234.
  • Passwords should be unique for each gallery. If individual albums contain sensitive data, create a strong password for each Album.

For more ideas and examples of secure passwords, see this article from Cyber News

To add a password to your Gallery, go to Galleries > All Galleries > Actions > Settings > Access & Privacy > Turn on Password-Protect and enter a strong password.


If you use an Album structure for volume photography, where each client receives a link to their own Album within a Gallery, you can manually create your own password for each Album, or use our random password generator. 

To manually create an album password:

Go to Galleries > All Galleries > click on the specific gallery.

  1. Click Manage Albums
  2. Click Actions > Album Settings
  3. Select Password-Protect
  4. Enter a strong password
  5. Save Settings

To apply random auto-generated passwords to albums:

Go to Galleries > All Galleries > click on the specific gallery.

  1. Click on Manage Albums
  2. Click Generate Passwords at the top right
  3. Select the albums you’d like to secure with randomized passwords
  4. Click Generate Passwords

 

Gallery Visitor Tracking

Require an email address to enter a gallery to monitor for suspicious visitors. If you see suspicious activity in your Gallery Visitor Report, change passwords immediately. 

To monitor your Gallery Visitor Report, go to Galleries > Gallery Visitor Report.

While it's expected that you may not recognize every email address (especially if your client shares the gallery with friends and family), if you see a pattern of bogus email addresses accessing galleries, or other suspicious behavior, change your passwords right away. 

When galleries contain especially sensitive images, such as boudoir galleries, it’s best to share the Private, password-protected Gallery directly with a Linked Contact

 

Linked Contact Privileges

Give your client unique Linked Contact privileges like digital download permissions, hiding, and labeling. Access to these privileges is controlled by entering the client’s email address, adding an extra layer of security.