Smugmug questions!
ahaze
Registered Users Posts: 3 Beginner grinner
Greetings! My name is Andi, I'm an amateur photographer considering taking the leap into trying to seriously sell my stuff online. I've read the info about the Smugmug Pro account- I really like the way it's set up, with watermarking and integrated selling on my own site, etc. I'd like to hear from some pro users with some history here, if possible.
I read a few concerns that the printer Smugmug uses is somewhat average, and someone else said prints were inconsistent. I was quite impressed with the level of testing SM did before going with a printer, so I'd like to hear from some actual users on this issue. Is it possible to have some test prints of my own work done before paying for an account?
Also, is anyone making more than a few dollars with the service? $100 plus hosting seems like a lot, but I know that the amount of services offered make it a good deal. Though if I end up losing money that defeats the purpose!
Thanks in advance for your honest answers and advice. I look forward to talking with you all more!
I read a few concerns that the printer Smugmug uses is somewhat average, and someone else said prints were inconsistent. I was quite impressed with the level of testing SM did before going with a printer, so I'd like to hear from some actual users on this issue. Is it possible to have some test prints of my own work done before paying for an account?
Also, is anyone making more than a few dollars with the service? $100 plus hosting seems like a lot, but I know that the amount of services offered make it a good deal. Though if I end up losing money that defeats the purpose!
Thanks in advance for your honest answers and advice. I look forward to talking with you all more!
0
Comments
I do have a pro account & I easily payed for the service by selling prints off of my web site. The quality of the prints is excellent and I have found the consistency to be very good as well. I think you can upload digital files directly to EZprints at their website and order some prints prior to signing up for a smugmug account. Prints sales will be determined by how you market yourself. All of my prints sales are from commissioned works or event photos. Overall, I have been very pleased with my pro account. It is a lot of value for the money. Hope this helps.
TML Photography
tmlphoto.com
I will definitely have EZPrints do some prints for me. Thanks for the insight.
Andi
Smugmug service is top-notch. They are very quick to respond and usually are very helpful. Unless you have an issue with security.
They have a gaping hole where they save your password. So anyone who goes to SmugMug after you, has total access to your account. They can download all your photos.
There is a check box that you must click on EVERY TIME you sign on if you want your password protected.
So BEWARE. Forget this tedious unnecessary task - just once ... and you're toast!
It is a pain to sign on, but once on - the site is really well worth the cost.
Steve
Wow, reviving a five year old thread is a new record
I don't believe the security / password issues you raise are in fact happening. I'm moving this to the Smugmug support forum.
Moderator of: Location, Location, Location , Mind Your Own Business & Other Cool Shots
You don't believe they are happening?
Well you are wrong ... try it.
It has been a gaping hole in security for over 2 years.
And even if you uncheck the flag, it doesn't even remember what you selected so it tries to save your password every time.
If they want to save passwords - fine - but for those who don't - they should not have to tell them every single time they sign on.
One flag in a cookie ... they can't save that, but they can save your entire password, and give access to your account to the next person who uses that computer.
Steve
Steve, did you know that if you press "logout" when you're done, you are logged out, and the next person won't have access to your account? Any time you are using a shared computer and you have to log in to a site, you should use the logout button when you're done to prevent exactly what you're worried about here.
Seems like a lot of work to encourge poor security standards.
Plus the next time you go in you still have to remove the flag again.
They remember all your settings except the flag not to store our passwords. It's backwards.
I guess they never get security audits.
If they didn't save our passwords by default you wouldn't need to worry about how you exit.
Really, if people want to save their passwords most browsers will let them anyway.
And if they just reversed the button logic ... problem solved!
Click the button to remember ... like they do on this forum.
There is better security here than on my Pro account! And this is free!
I'm not sure which is worse ... the fact that they have it set up this way, or that they don't care it is not secure, or that you have to click something with every signon.
I'm not asking for 128bit encrypted passwords that you have to change every 3 days. I just don't want my password stored nor given away by default.
You don't need to be an I.T. Consultant for over 30 years to know this ...
I gave them several options a couple of years ago.
1) If you want people to continue in an insecure way, make them check the box to say "Remember Me" ... like this site.
Having the password in the cookie (questionable at any time) will tell you that they had checked the box.
Next time in, you can just go right in. One click and you are as wide open as before.
2) If one click per machine is too much, (seems to be no issue for me to click 20 times a day, every day), then put a flag on the account. (default to secure/default to insecure) I cannot believe anyone would provide an option to be insecure, but even more surprising is that it is the only way we can operate today.
3) If you insisit on defaulting to storing the passwords (yech) then when someone removes the "remember me" flag - remember it! Instead of putting the password in the cookie ... a blank there would indicate not to ask for it from then on .... simply remove the check mark so we don't have to. It is still backwards but a huge improvement over the current process.
Seems simple ... yet would save so much time and even driving away from a client site ONCE not knowing if you remembered to remove that flag - [therefore giving all your photos away] - is too many.
Steve
We constantly monitor feedback, Jetranger. This is not something we hear about. I do hear you, and it's clear you feel strongly!
If folks want to support your feature request, they can go here http://feedback.smugmug.com/forums/17723-smugmug/suggestions/953227-fix-gaping-hole-in-security-2-years-?ref=title
Portfolio • Workshops • Facebook • Twitter
I do, and did.
"Chance favors the prepared mind." ~ Ansel Adams
"Light thinks it travels faster than anything but it is wrong. No matter how fast light travels, it finds the darkness has always got there first, and is waiting for it." ~ Terry Pratchett