There is a possible security issue at the initial password token handling: Please prepare a second token transfer path. Issue: If the account hasn´t been created already, liquidfiles send the token e-mail to the receipient in a separate email. A hacker who can read this mail, can login to the liquidfiles account and steal informations. Is it possible to send the email with the token and the authentication link to the sender instead of the recipient? It makes sence to send the information via a second communication path like phone or whatever (sms is not an option for us).