diff --git a/controllers/forgot.js b/controllers/forgot.js
index c1b0f397d1..d4431efd91 100644
--- a/controllers/forgot.js
+++ b/controllers/forgot.js
@@ -36,7 +36,7 @@ exports.postForgot = function(req, res, next) {
 
   async.waterfall([
     function(done) {
-      crypto.randomBytes(20, function(err, buf) {
+      crypto.randomBytes(16, function(err, buf) {
         var token = buf.toString('hex');
         done(err, token);
       });
@@ -68,7 +68,7 @@ exports.postForgot = function(req, res, next) {
         to: user.email,
         from: 'hackathon@starter.com',
         subject: 'Reset your password on Hackathon Starter',
-        text: 'You are receiving this because you (or someone else) have requested the reset of the password for your account.\n\n' +
+        text: 'You are receiving this email because you (or someone else) have requested the reset of the password for your account.\n\n' +
           'Please click on the following link, or paste this into your browser to complete the process:\n\n' +
           'http://' + req.headers.host + '/reset/' + token + '\n\n' +
           'If you did not request this, please ignore this email and your password will remain unchanged.\n'