diff --git a/lib/PasswordReset.js b/lib/PasswordReset.js
index 04e73eb..5f13aca 100644
--- a/lib/PasswordReset.js
+++ b/lib/PasswordReset.js
@@ -1,5 +1,8 @@
 'use strict';
 
+const bcrypt = require('bcrypt');
+const crypto = require('crypto');
+
 const DatabaseConnectionPool = require('./DatabaseConnectionPool');
 
 class PasswordReset {
@@ -35,8 +38,16 @@ class PasswordReset {
 
 	}
 
-	static hashToken(password) {
+	static async hashToken(u) {
+		const nonce = crypto
+			.randomBytes(16)
+			.toString('hex')
+			.slice(0, 16);
 
+		const tokenString = u.id + u.email + nonce + u.lastName;
+		const token = await bcrypt.hash(tokenString, 10);
+
+		return [ nonce, token ];
 	}
 
 	static generatePasswordReset() {