diff --git a/kernel/user/forgotpassword.php b/kernel/user/forgotpassword.php
index 488b78c875b..22e6c17c1c6 100644
--- a/kernel/user/forgotpassword.php
+++ b/kernel/user/forgotpassword.php
@@ -113,7 +113,11 @@
             $user   = $users[0];
             $time   = time();
             $userID = $user->id();
-            $hashKey = md5( $userID . ':' . $time . ':' . mt_rand() );
+            $hashKey = md5(
+                $userID . ':' . microtime() . ':' .
+                ( function_exists( "openssl_random_pseudo_bytes" ) ?
+                    openssl_random_pseudo_bytes( 32 ) : mt_rand() )
+            );
 
             // Create forgot password object
             if ( eZOperationHandler::operationIsAvailable( 'user_forgotpassword' ) )