Security starts with your master account. If an attacker cracks your main SmugMug login, they have access to every client gallery you have ever shot. Always turn on Two-Factor Authentication on your master photography accounts to require a mobile prompt or hardware key to log in. Summary of the Best Security Settings Security Feature Action to Take Protection Level Handled automatically via SmugMug's cryptographic hashing. Visibility Set sensitive galleries to "Unlisted". Password Strength Use randomly generated strings of >12 characters. URL Naming Avoid keywords like "boudoir" or client names in the URL. Account Access Turn on 2FA for the photographer's master account. If you are interested in exploring further, I can provide:
The number one way attackers "crack" a gallery is by simply guessing the password. hn photography smugmug boudoir crack best
Historically, forums dedicated to leering at private images have targeted boudoir photographers by brute-forcing weak gallery passwords (like using the client's first name or the word "boudoir"). This is why top-tier security habits are mandatory for anyone shooting intimate portraiture. Why SmugMug Is Favored by Security-Conscious Photographers Security starts with your master account
A step-by-step guide on on SmugMug.