diff --git a/auth_backend/auth_plugins/email.py b/auth_backend/auth_plugins/email.py
index eb49ef6e..588cabab 100644
--- a/auth_backend/auth_plugins/email.py
+++ b/auth_backend/auth_plugins/email.py
@@ -133,7 +133,7 @@ async def _login(user_inp: EmailLogin) -> Session:
 user_inp.password, query.user.auth_methods.hashed_password.value, query.user.auth_methods.salt.value
 ):
 raise AuthFailed(error="Incorrect login or password")
- db.session.add(user_session := UserSession(user_id=query.user.id, token=random_string()))
+ db.session.add(user_session := UserSession(user_id=query.user.id, token=random_string(length=settings.TOKEN_LENGTH)))
 db.session.commit()
 return Session(
 user_id=user_session.user_id, token=user_session.token, id=user_session.id, expires=user_session.expires
diff --git a/auth_backend/settings.py b/auth_backend/settings.py
index 5e050b0d..908e30e5 100644
--- a/auth_backend/settings.py
+++ b/auth_backend/settings.py
@@ -1,6 +1,6 @@
 from functools import lru_cache
-from pydantic import BaseSettings, PostgresDsn
+from pydantic import BaseSettings, PostgresDsn, conint
 class Settings(BaseSettings):
@@ -12,6 +12,7 @@ class Settings(BaseSettings):
 SMTP_HOST: str = 'smtp.gmail.com'
 SMTP_PORT: int = 587
 ENABLED_AUTH_METHODS: list[str] | None
+ TOKEN_LENGTH: conint(gt=8) = 64 # type: ignore
 MAX_RETRIES: int = 10
 STOP_MAX_DELAY: int = 10000
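Review bot: The new line in `_login` references `settings` by name, but nothing in this hunk shows how email.py binds it, so confirm the module already has a `settings` object in scope (otherwise the change raises `NameError` on the first login rather than at import time). Since the value becomes the session credential stored in `UserSession.token`, the length parameter only helps if `random_string` draws from a CSPRNG (`secrets`, not `random`); its implementation is not visible here and is worth checking in the same review. Any other call site that still mints a token with `random_string()` and the default length, if one exists, would now produce tokens of a different strength than this path; a short comment on the changed line, `# session token; length is operator-configurable via settings.TOKEN_LENGTH`, would make the dependency explicit. `_login` begins and ends outside the hunk.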
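Review bot: `conint(gt=8)` on the new `TOKEN_LENGTH` field admits a 9-character session token, which is far too short to resist guessing for a credential that grants an authenticated session; the lower bound should be well above that, e.g. `TOKEN_LENGTH: conint(ge=32) = 64  # type: ignore`. Because `Settings` extends `BaseSettings`, this value is presumably overridable from the environment, so the constraint is the only thing standing between a misconfiguration and weak tokens. The field also has no comment explaining what it governs; consider `# length of the random session token minted in _login; keep the lower bound high enough that tokens are not guessable`. The `# type: ignore` suppresses a checker complaint about `conint` as an annotation rather than anything at runtime, which is worth saying in the same comment.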