Password reset links should time-out in a reasonable time-frame. Imagine if a hacker gets access
to your user's emails - the first thing they will do is try to compromise their other online
accounts, and long-lived password reset links make this easier.
