diff --git a/app/models/email_token.rb b/app/models/email_token.rb
index 97bac40f1..dc511fbc7 100644
--- a/app/models/email_token.rb
+++ b/app/models/email_token.rb
@@ -19,11 +19,11 @@ class EmailToken < ActiveRecord::Base
   end
 
   def self.valid_after
-    1.week.ago
+    SiteSetting.email_token_valid_hours.hours.ago
   end
 
   def self.confirm_valid_after
-    1.day.ago
+    SiteSetting.email_token_grace_period_hours.ago
   end
 
   def self.unconfirmed
diff --git a/config/locales/server.en.yml b/config/locales/server.en.yml
index 15c3daa35..a8823cc5c 100644
--- a/config/locales/server.en.yml
+++ b/config/locales/server.en.yml
@@ -702,6 +702,9 @@ en:
     topics_per_period_in_top_page: "How many topics loaded on the top topics page"
     redirect_users_to_top_page: "Automatically redirect new & long-time-no-see users to top page"
 
+    email_token_valid_hours: "How long are 'forgot password' / 'activate account' tokens valid for"
+    email_token_grace_period_hours: "How long are 'forgot password' / 'activate account' tokens valid for, after being redeemed"
+
     enable_badges: "Enable the badge system (experimental)"
 
     allow_index_in_robots_txt: "Site should be indexed by search engines (update robots.txt)"
diff --git a/config/site_settings.yml b/config/site_settings.yml
index 83a0188af..2974a3355 100644
--- a/config/site_settings.yml
+++ b/config/site_settings.yml
@@ -263,6 +263,9 @@ users:
     default: 15
   redirect_users_to_top_page: true
 
+  email_token_valid_hours: 24
+  email_token_grace_period_hours: 0
+
 posting:
   min_post_length:
     client: true
diff --git a/spec/models/email_token_spec.rb b/spec/models/email_token_spec.rb
index c5da668cf..fb9835325 100644
--- a/spec/models/email_token_spec.rb
+++ b/spec/models/email_token_spec.rb
@@ -63,8 +63,8 @@ describe EmailToken do
     end
 
     it 'returns nil when a token is older than a specific time' do
-      EmailToken.expects(:valid_after).returns(1.week.ago)
-      email_token.update_column(:created_at, 2.weeks.ago)
+      SiteSetting.email_token_valid_hours = 10
+      email_token.update_column(:created_at, 11.hours.ago)
       EmailToken.confirm(email_token.token).should be_blank
     end
 
@@ -88,11 +88,10 @@ describe EmailToken do
       end
 
       context "when using the code a second time" do
-        before do
-          EmailToken.confirm(email_token.token)
-        end
 
         it "doesn't send the welcome message" do
+          SiteSetting.email_token_grace_period_hours = 1
+          EmailToken.confirm(email_token.token)
           user = EmailToken.confirm(email_token.token)
           user.send_welcome_message.should be_false
         end