diff --git a/services/web/app/src/Features/User/UserEmailsConfirmationHandler.js b/services/web/app/src/Features/User/UserEmailsConfirmationHandler.js
index 95578e761b..dec6295ebf 100644
--- a/services/web/app/src/Features/User/UserEmailsConfirmationHandler.js
+++ b/services/web/app/src/Features/User/UserEmailsConfirmationHandler.js
@@ -7,7 +7,8 @@ const UserUpdater = require('./UserUpdater')
 const UserGetter = require('./UserGetter')
 const { promisify } = require('util')
-const ONE_YEAR_IN_S = 365 * 24 * 60 * 60
+// Reject email confirmation tokens after 90 days
+const TOKEN_EXPIRY_IN_S = 90 * 24 * 60 * 60
 function sendConfirmationEmail(userId, email, emailTemplate, callback) {
 if (arguments.length === 3) {
@@ -29,7 +30,7 @@ function sendConfirmationEmail(userId, email, emailTemplate, callback) {
 OneTimeTokenHandler.getNewToken(
 'email_confirmation',
 data,
- { expiresIn: ONE_YEAR_IN_S },
+ { expiresIn: TOKEN_EXPIRY_IN_S },
 function(err, token) {
 if (err) {
 return callback(err)
diff --git a/services/web/test/unit/src/User/UserEmailsConfirmationHandlerTests.js b/services/web/test/unit/src/User/UserEmailsConfirmationHandlerTests.js
index 597cac747f..1694c22ad5 100644
--- a/services/web/test/unit/src/User/UserEmailsConfirmationHandlerTests.js
+++ b/services/web/test/unit/src/User/UserEmailsConfirmationHandlerTests.js
@@ -70,7 +70,7 @@ describe('UserEmailsConfirmationHandler', function() {
 .calledWith(
 'email_confirmation',
 { user_id: this.user_id, email: this.email },
- { expiresIn: 365 * 24 * 60 * 60 }
+ { expiresIn: 90 * 24 * 60 * 60 }
 )
 .should.equal(true)
 })
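Review bot: The new comment above `TOKEN_EXPIRY_IN_S` (first hunk of UserEmailsConfirmationHandler.js) says tokens are rejected after 90 days, but this constant is only the lifetime passed as `expiresIn` when a token is issued. The rejection itself happens wherever OneTimeTokenHandler checks expiry, which this diff does not show. A more accurate comment would be `// Lifetime, in seconds, given to newly issued email confirmation tokens (90 days)`. The name is also generic for a module-level constant; `EMAIL_CONFIRMATION_TOKEN_EXPIRY_IN_S` would say which token type it governs.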
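Review bot: Tokens issued before this change are probably not shortened by the new `{ expiresIn: TOKEN_EXPIRY_IN_S }` argument in the second hunk, because the value is passed to `OneTimeTokenHandler.getNewToken` at creation time. If the expiry is stored with the token, as that call shape suggests, confirmation links already sent stay valid for up to a year. If the 90-day window is a security requirement rather than a default, the rollout also needs a one-off expiry of older `email_confirmation` tokens, or a token-age check on the confirmation path. Neither is visible here. `sendConfirmationEmail` starts before this hunk and continues past it, so the confirmation side could not be checked from this diff.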