diff --git a/src/schemas/user/emailChangeSchema.js b/src/schemas/user/emailChangeSchema.js
index bffd13f..5e839ba 100644
--- a/src/schemas/user/emailChangeSchema.js
+++ b/src/schemas/user/emailChangeSchema.js
@@ -52,7 +52,7 @@ const emailChangeSchema = new mongoose.Schema({
 type: mongoose.SchemaTypes.String,
 required: true,
 //Use a cryptographically secure algorythm to create a random hex string from 16 bytes as our change/cancel token
- default: ()=>{return crypto.randomBytes(16).toString('hex')}
+ default: ()=>{return crypto.randomBytes(32).toString('hex')}
 },
 ipHash: {
 type: mongoose.SchemaTypes.String,
diff --git a/src/schemas/user/passwordResetSchema.js b/src/schemas/user/passwordResetSchema.js
index ecba77f..9391bee 100644
--- a/src/schemas/user/passwordResetSchema.js
+++ b/src/schemas/user/passwordResetSchema.js
@@ -48,7 +48,7 @@ const passwordResetSchema = new mongoose.Schema({
 type: mongoose.SchemaTypes.String,
 required: true,
 //Use a cryptographically secure algorythm to create a random hex string from 16 bytes as our reset token
- default: ()=>{return crypto.randomBytes(16).toString('hex')}
+ default: ()=>{return crypto.randomBytes(32).toString('hex')}
 },
 ipHash: {
 type: mongoose.SchemaTypes.String,
diff --git a/src/validators/accountValidator.js b/src/validators/accountValidator.js
index aa1d942..4e031d3 100644
--- a/src/validators/accountValidator.js
+++ b/src/validators/accountValidator.js
@@ -185,8 +185,8 @@ module.exports.securityToken = function(field = 'token'){
 isHexadecimal: true,
 isLength: {
 options: {
- min: 32,
- max: 32
+ min: 64,
+ max: 64
 }
 },
 errorMessage: "Invalid security token."
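Review bot: The comment above the changed `default` in src/schemas/user/emailChangeSchema.js still says "from 16 bytes" although the new line draws 32 bytes, so it now contradicts the code it documents. I would reword it to `//Use a CSPRNG to create a random hex string from 32 bytes (64 hex characters) as our change/cancel token`. The same stale comment sits above the reset-token default in src/schemas/user/passwordResetSchema.js and needs the same change, ending in "as our reset token". The schema field that owns this default starts above the hunk.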
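Review bot: The reset token produced by this `default` in src/schemas/user/passwordResetSchema.js appears to be persisted as the raw hex string, so a longer token does not help if the collection itself is read (backup, log, query bug). Unless a hook outside this hunk already transforms it, consider storing only a SHA-256 digest of the token and comparing digests on redemption, with the raw value sent to the user once. The lookup code is not visible here, so confirm how the stored value is matched before changing it. The same consideration applies to the change/cancel token in emailChangeSchema.js.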
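Review bot: The exact-length check in `securityToken` (src/validators/accountValidator.js) now accepts only 64 hex characters, so any email-change or password-reset token issued before this deploy (32 characters) will be rejected as "Invalid security token." even if its record is still live. If those records can outlive the deploy, either expire them as part of the rollout or state in the commit message that outstanding links are intentionally invalidated. The value 64 is also coupled to `randomBytes(32)` in the two schema files; a shared constant (name is a suggestion) would keep them in step, e.g. `min: TOKEN_BYTES * 2, max: TOKEN_BYTES * 2`. The validator function starts above and continues below this hunk.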