diff --git a/mod/lostpass.php b/mod/lostpass.php
index 2ce396e36..8a1a9f36e 100644
--- a/mod/lostpass.php
+++ b/mod/lostpass.php
@@ -41,7 +41,7 @@ function lostpass_post(App $a)
 		DI::baseUrl()->redirect();
 	}
 
-	$pwdreset_token = Strings::getRandomName(12) . random_int(1000, 9999);
+	$pwdreset_token = Strings::getRandomHex(32);
 
 	$fields = [
 		'pwdreset' => $pwdreset_token,