Pass voting credentials by link about belenios HOT 3 OPEN

It seems to me that there is no theoretical security problem with what you propose.
However, Human Factor and UX come into play, and we must be careful before doing such a change.
In the present email, this is kind of obvious that the message contains personal security data. The code is made very visible.
Hiding this personal information in a link might cause situations where the voter does not realize that this is a personal link and forwards the email to a friend/colleague who asks "Do you know where is the link for voting?"
This is the only security risk I can think of, and this does not mean that this is a no-go, but still calls for carefulness.

from belenios.

I've implemented the feature for the election homepage (via #c=123-456-789-abc-deN) and both booths (via #credential=123-456-789-abc-deN). The election homepage automatically forwards the credential to the booth, if present. So, (with the next release), credential authorities will be free to send direct links. For now, emails sent in automatic mode do not (we need to work on the wording).

from belenios.

Thank you @glondu. This truly looks great. However, I also understand the concerns raised by @pgaudry. The problem with users (accidentally) sharing their personal voting information with others exists in the current mode as well. Maybe we can make the whole thing optional. (Either through the interface or only for manual mode with the separate credential authority).

from belenios.