Sunshine requires user's to register an account in order to mark images as favorite and to make a purchase. Some photographers seem to not like this approach. Here is our take:
When a user wants to make a purchase with Sunshine Photo Cart, they need to provide email, name and shipping/billing information. The difference between guest checkout without an account and creating an account is just a single field - password. Having an account allows users to come back to the site to reference their order after they purchase and also allow them to download files associated with the order (if using digital negatives).
As far as favorites, this is very important for users to have an account first. This way if they access the gallery with another computer or device on another visit to the site (because you know clients visit their galleries repeatedly after they are posted) they can then see all the images marked as favorite from a past visit. If it was not tied to a user account, every time they visited your gallery they would have to redo which images they mark as favorite and clients would get extremely frustrated.
On some other proofing platforms they ask for an email address only to either see a gallery or mark images as favorites. This is extremely insecure. Everyone knows everyone else’s email addresses. In a wedding, what if a guest from the wedding decides to enter the brides email address - they suddenly can see all the bride’s favorited photos, and essentially their entire account. While it's not like this would give other people important information like credit card numbers, it could still be sensitive information that your clients simply don’t want others to see. This is why a password is important - it ensures that the favorites are actually only seen by the person intended.
What if a proofing system only asks for email address and automatically creates the password for the user's account? How frustrating is it when you try to login to your account and it is some random character password that you can't memorize and have to dig up that email you got weeks ago which has the password in it? Better to let clients choose their own password so they can more easily remember it and gain access to their account with no frustration.
Registering in Sunshine takes 10 seconds and requires username, email, password. There are WordPress plugins which allow users to register with just email/password, removing even the username field. Sunshine always redirects the user exactly to the page they were before being asked to register so they don’t have to navigate back through several clicks to return to the previous spot.
Are you getting registration spam (fake user accounts being created)? I highly recommend the Stop Spammers plugin.