diff --git a/main.go b/main.go
index 7a5b017..15af711 100644
--- a/main.go
+++ b/main.go
@@ -55,8 +55,8 @@ func initConfig() {
 	viper.SetDefault("WebInterface.Listen", "127.0.0.1:8080")
 	viper.SetDefault("WebInterface.Sessions.SecureCookie", true)
 	viper.SetDefault("WebInterface.Sessions.CookieMaxAge", 86400*7)
-	viper.SetDefault("Telegram.TokenGenerator.GlobalValidity", 1)
-	viper.SetDefault("Telegram.TokenGenerator.PerAlbumValidity", 7)
+	viper.SetDefault("Telegram.TokenGenerator.GlobalValidity", 7)
+	viper.SetDefault("Telegram.TokenGenerator.PerAlbumValidity", 15)
 
 	viper.SetConfigName("photo-bot") // name of config file (without extension)
 	viper.AddConfigPath("/etc/photo-bot/")
diff --git a/token.go b/token.go
index 520e879..b12fb08 100644
--- a/token.go
+++ b/token.go
@@ -40,7 +40,7 @@ func (g *TokenGenerator) NewToken(data TokenData) string {
 
 	//fmt.Println(hex.EncodeToString(hash))
 
-	return base64.StdEncoding.EncodeToString(hash)
+	return base64.RawURLEncoding.EncodeToString(hash)
 }
 
 func getBufferFor(data TokenData) []byte {
@@ -69,7 +69,7 @@ func getBufferFor(data TokenData) []byte {
 }
 
 func (g *TokenGenerator) ValidateToken(data TokenData, token string, validity int) (bool, error) {
-	rawToken, err := base64.StdEncoding.DecodeString(token)
+	rawToken, err := base64.RawURLEncoding.DecodeString(token)
 	if err != nil {
 		return false, err
 	}
diff --git a/token_test.go b/token_test.go
index 9af1cec..2efce37 100644
--- a/token_test.go
+++ b/token_test.go
@@ -25,7 +25,7 @@ func TestTokenGenerator(t *testing.T) {
 	token := g.NewToken(TokenData{now, "nmasse", "read"})
 
 	// echo "000000: 021d 0000 6e6d 6173 7365 0072 6561 64" |xxd -r | openssl dgst -sha256 -mac HMAC -macopt "hexkey:$KEY" -binary |openssl base64
-	expectedToken := "McChidYyEfEPkotTq08EW+eYHjd2QX+wlUzgGjOhWlY="
+	expectedToken := "McChidYyEfEPkotTq08EW-eYHjd2QX-wlUzgGjOhWlY"
 	assert.Equal(t, token, expectedToken, "expected a valid token")
 
 	sixDaysLater := time.Unix(1589221922, 0)