Password reset links should time-out in a reasonable time-frame.
Imagine if a hacker gets access to your user's emails - the first thing
they will do is try to compromise their other online accounts,
and long-lived password reset links make this easier.
