diff --git a/inc/auth.php b/inc/auth.php
index dac67bcb7c4c521514f4ec531fc0b3dc3c7028da..1f8489f03fe8e195bb27974cc790e72db7b8aa2d 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -993,7 +993,7 @@ function act_resendpwd() {
         }
 
         // generate auth token
-        $token = PassHash::hmac('md5', $user, auth_cookiesalt()); //secret but user based
+        $token = md5(uniqid(mt_rand(), true)); // random secret
         $tfile = $conf['cachedir'].'/'.$token{0}.'/'.$token.'.pwauth';
         $url   = wl('', array('do'=> 'resendpwd', 'pwauth'=> $token), true, '&');