Comment 0 for bug 589335

Auth tokens are currently long and only able to be claimed by following a link from an email in a web browser. We need to remove both of these things as hard requirements to enable more complete desktop integration. The first step is to use much shorter tokens (4 characters is an initial suggestion) which are easier to re-type or read from more limited devices and provide a field on the 'sent' notification page to enter the token. The same system should be used in all places where auth tokens are required.