diff --git a/lib/Alchemy/Phrasea/Controller/Prod/Push.php b/lib/Alchemy/Phrasea/Controller/Prod/Push.php
index 2a351f8b84..138ab823e7 100644
--- a/lib/Alchemy/Phrasea/Controller/Prod/Push.php
+++ b/lib/Alchemy/Phrasea/Controller/Prod/Push.php
@@ -213,15 +213,20 @@ class Push implements ControllerProviderInterface
 
                     $app['EM']->flush();
 
-                    $url = $app->url('lightbox_compare', array(
+                    $arguments = array(
                         'ssel_id' => $Basket->getId(),
-                        'LOG' => $app['tokens']->getUrlToken(
+                    );
+
+                    if (!$app['phraseanet.registry']->get('GV_force_push_authentication') || !$request->get('force_authentication')) {
+                        $arguments['LOG'] = $app['tokens']->getUrlToken(
                             \random::TYPE_VIEW,
                             $user_receiver->get_id(),
                             null,
                             $Basket->getId()
-                        )
-                    ));
+                        );
+                    }
+
+                    $url = $app->url('lightbox_compare', $arguments);
 
                     $receipt = $request->get('recept') ? $app['authentication']->getUser()->get_email() : '';
 
@@ -359,7 +364,7 @@ class Push implements ControllerProviderInterface
                     try {
                         $participant_user = \User_Adapter::getInstance($participant['usr_id'], $app);
                     } catch (\Exception $e) {
-                        throw new ControllerException(sprintf(_('Unknown user %d'), $receiver['usr_id']));
+                        throw new ControllerException(sprintf(_('Unknown user %d'), $participant['usr_id']));
                     }
 
                     try {
diff --git a/lib/Alchemy/Phrasea/Security/Firewall.php b/lib/Alchemy/Phrasea/Security/Firewall.php
index 66343cd9a6..4a31fe605e 100644
--- a/lib/Alchemy/Phrasea/Security/Firewall.php
+++ b/lib/Alchemy/Phrasea/Security/Firewall.php
@@ -102,10 +102,14 @@ class Firewall
         return $this;
     }
 
-    public function requireAuthentication()
+    public function requireAuthentication(Request $request = null)
     {
+        $params = array();
+        if (null !== $request) {
+            $params['redirect'] = '..' . $request->getPathInfo();
+        }
         if (!$this->app['authentication']->isAuthenticated()) {
-            return new RedirectResponse($this->app->path('homepage'));
+            return new RedirectResponse($this->app->path('homepage', $params));
         }
     }
 
@@ -118,7 +122,7 @@ class Firewall
         $app = $this->app;
 
         $controllers->before(function (Request $request) use ($app) {
-            if (null !== $response = $app['firewall']->requireAuthentication()) {
+            if (null !== $response = $app['firewall']->requireAuthentication($request)) {
                 return $response;
             }
         });
diff --git a/lib/conf.d/_GV_template.inc b/lib/conf.d/_GV_template.inc
index 33f2aa9e87..d054ac6eda 100644
--- a/lib/conf.d/_GV_template.inc
+++ b/lib/conf.d/_GV_template.inc
@@ -265,6 +265,13 @@ return call_user_func_array(function(Application $app) {
         ), array(
             'section' => _('Main configuration'),
             'vars'    => array(
+                array(
+                    'type'    => \registry::TYPE_BOOLEAN,
+                    'name'    => 'GV_force_push_authentication',
+                    'comment' => _('Enable Forcing authentication to see push content'),
+                    'help'      => _('Adds an option to the push form submission to restrict push recipient(s) to Phraseanet users only.'),
+                    'default' => false
+                ),
                 array(
                     'type'    => \registry::TYPE_STRING,
                     'name'    => 'GV_adminMail',
diff --git a/templates/web/prod/actions/Push.html.twig b/templates/web/prod/actions/Push.html.twig
index 52eb1f4ee1..0b68e6c352 100644
--- a/templates/web/prod/actions/Push.html.twig
+++ b/templates/web/prod/actions/Push.html.twig
@@ -214,6 +214,7 @@
                     <textarea name="message" style="display:none;"></textarea>
                     <input type="hidden" name="duration" value=""/>
                     <input type="checkbox" value="1" name="recept" style="display:none;"/>
+                    <input type="checkbox" value="1" name="force_authentication" style="display:none;"/>
                     <div class="PNB badges"></div>
                 </form>
                 <div class="PNB10 footer">
diff --git a/templates/web/prod/templates/push.html.twig b/templates/web/prod/templates/push.html.twig
index f0bacbd2ab..bbf70b723e 100644
--- a/templates/web/prod/templates/push.html.twig
+++ b/templates/web/prod/templates/push.html.twig
@@ -128,7 +128,7 @@
 
 <script type="text/template" id="feedback_sendform_tpl">
 <form>
-    <div class="Feedback" style="display:none;">
+    <div class="Feedback control-group" style="display:none;">
         <label for="PushSendFormDuration">{% trans %}Time for feedback (days){% endtrans %}</label>
         <select id="PushSendFormDuration" name="duration" class="input-block-level">
             <option {% if 20 == app['phraseanet.registry'].get('GV_val_expiration') %}selected="selected"{% endif %} value="20">20</option>
@@ -140,20 +140,39 @@
             <option {% if 1 == app['phraseanet.registry'].get('GV_val_expiration') %}selected="selected"{% endif %} value="1">1</option>
         </select>
     </div>
-    <div>
-        <label for="PushSendFormRecept">{% trans %}Name{% endtrans %}</label>
+    <div class="control-group">
+        <label for="PushSendFormName">{% trans %}Name{% endtrans %}</label>
         <input id="PushSendFormName" type="text" name="name" class="input-block-level"/>
     </div>
-    <div>
+    <div class="control-group">
         <label for="PushSendFormMessage">{% trans %}Message{% endtrans %}</label>
-        <textarea id="PushSendFormMessage" name="message" class="input-block-level"></textarea>
+        <textarea id="PushSendFormMessage" name="message" class="input-block-level" rows="6"></textarea>
     </div>
-    <div>
+    <div class="control-group">
         <label for="PushSendFormRecept" class="checkbox">
             <input id="PushSendFormRecept" type="checkbox" name="recept" value="1"/>
             {% trans %}Accuse de reception{% endtrans %}
         </label>
     </div>
+    {% if app['phraseanet.registry'].get('GV_force_push_authentication') %}
+        <div class="control-group">
+            <label for="PushForceAuthentication" class="checkbox">
+                <input id="PushForceAuthentication" type="checkbox" checked="checked" name="force_authentication" value="1"/>
+                {% trans %}Force authentication{% endtrans %}
+            </label>
+        </div>
+        <div class="control-group info">
+            <span class="help-inline" style="font-style: italic">
+                <i class="icon-info-sign"></i>
+                {% trans %}
+                    The parameter "force authentication" forces the recipient(s) of the push to possess a Phraseanet account
+                    to see its contents.
+                    This avoids anonymous users to access to the content of the push if they were able to get the display
+                    url through a forwarded mail for example.
+                {% endtrans %}
+            </span>
+        </div>
+    {% endif %}
 </form>
 </script>
 
diff --git a/tests/Alchemy/Tests/Phrasea/Security/FirewallTest.php b/tests/Alchemy/Tests/Phrasea/Security/FirewallTest.php
index 9d45e581ed..09b55f5969 100644
--- a/tests/Alchemy/Tests/Phrasea/Security/FirewallTest.php
+++ b/tests/Alchemy/Tests/Phrasea/Security/FirewallTest.php
@@ -8,12 +8,12 @@ class FirewallTest extends \PhraseanetWebTestCaseAuthenticatedAbstract
 
     public function testRequiredAuth()
     {
-        $this->assertNull(self::$DI['app']['firewall']->requireAuthentication(self::$DI['app']));
+        $this->assertNull(self::$DI['app']['firewall']->requireAuthentication());
     }
 
     public function testRequiredAuthNotAuthenticated()
     {
         $this->logout(self::$DI['app']);
-        $this->assertInstanceOf('Symfony\Component\HttpFoundation\RedirectResponse', self::$DI['app']['firewall']->requireAuthentication(self::$DI['app']));
+        $this->assertInstanceOf('Symfony\Component\HttpFoundation\RedirectResponse', self::$DI['app']['firewall']->requireAuthentication());
     }
 }
diff --git a/www/skins/prod/jquery.Feedback.js b/www/skins/prod/jquery.Feedback.js
index 9a6762664f..6268170163 100644
--- a/www/skins/prod/jquery.Feedback.js
+++ b/www/skins/prod/jquery.Feedback.js
@@ -166,12 +166,13 @@
                 $('input[name="duration"]', $FeedBackForm).val($('select[name="duration"]', $dialog.getDomElement()).val());
                 $('textarea[name="message"]', $FeedBackForm).val($('textarea[name="message"]', $dialog.getDomElement()).val());
                 $('input[name="recept"]', $FeedBackForm).attr('checked', $('input[name="recept"]', $dialog.getDomElement()).attr('checked'));
+                $('input[name="force_authentication"]', $FeedBackForm).attr('checked', $('input[name="force_authentication"]', $dialog.getDomElement()).attr('checked'));
 
                 $FeedBackForm.trigger('submit');
             };
 
             var options = {
-                size: 'Small',
+                size: 'Medium',
                 buttons: buttons,
                 loading: true,
                 title: language.send,