diff --git a/arkindex/users/serializers.py b/arkindex/users/serializers.py
index 705ef7d16f9a211fd79a7054c2254431922a9a34..8bf49eeea60a226a5c1c9bae0c2c449e7962c148 100644
--- a/arkindex/users/serializers.py
+++ b/arkindex/users/serializers.py
@@ -140,8 +140,10 @@ class PasswordResetConfirmSerializer(serializers.Serializer):
 
     def save(self):
         user = self.validated_data["user"]
-        if not user or not self.validated_data["valid_token"]:
+        if not user:
             return
+        if not self.validated_data["valid_token"]:
+            raise serializers.ValidationError({"token": "This password reset link has expired. Please generate a new one using the 'Forgot your password?' link on the Login page."})
         user.set_password(self.validated_data["password"])
         user.save()
 
diff --git a/arkindex/users/tests/test_password_reset.py b/arkindex/users/tests/test_password_reset.py
index 32c08a1b2a26a032508edd7f8f95340029772b06..517dc451803e3edd2535ed372468a567f00f26a9 100644
--- a/arkindex/users/tests/test_password_reset.py
+++ b/arkindex/users/tests/test_password_reset.py
@@ -75,7 +75,7 @@ class TestPasswordReset(FixtureAPITestCase):
             },
             format="json",
         )
-        self.assertEqual(resp.status_code, status.HTTP_201_CREATED)
+        self.assertEqual(resp.status_code, status.HTTP_400_BAD_REQUEST)
         self.user.refresh_from_db()
         self.assertFalse(self.user.check_password("S3cr37Pa$$w0rd"))
         self.assertEqual(token_gen_mock.check_token.call_count, 1)