diff --git a/controller/store/password_reset_request.go b/controller/store/password_reset_request.go
index a6a7b60d..75a1f3e4 100644
--- a/controller/store/password_reset_request.go
+++ b/controller/store/password_reset_request.go
@@ -17,7 +17,7 @@ type PasswordResetRequest struct {
 }
 
 func (str *Store) CreatePasswordResetRequest(prr *PasswordResetRequest, tx *sqlx.Tx) (int, error) {
-	stmt, err := tx.Prepare("insert into password_reset_requests (account_id, token) values ($1, $2) ON CONFLICT(account_id) DO UPDATE SET token=$2 returning id")
+	stmt, err := tx.Prepare("insert into password_reset_requests (account_id, token) values ($1, $2) returning id")
 	if err != nil {
 		return 0, errors.Wrap(err, "error preparing password_reset_requests insert statement")
 	}
diff --git a/controller/store/sql/postgresql/017_v0_4_23_password_reset_request_unique.sql b/controller/store/sql/postgresql/017_v0_4_23_password_reset_request_unique.sql
new file mode 100644
index 00000000..00b1ec97
--- /dev/null
+++ b/controller/store/sql/postgresql/017_v0_4_23_password_reset_request_unique.sql
@@ -0,0 +1,7 @@
+-- +migrate Up
+
+-- remove the old unique index (users might need multiple password resets)
+ALTER TABLE password_reset_requests DROP CONSTRAINT password_reset_requests_account_id_key;
+
+-- add new constraint which doesnt mind having multiple resets for account ids
+ALTER TABLE password_reset_requests ADD CONSTRAINT password_reset_requests_account_id_key FOREIGN KEY (account_id) REFERENCES accounts (id) on delete cascade;
diff --git a/controller/store/sql/sqlite3/017_v0_4_23_password_reset_request_unique.sql b/controller/store/sql/sqlite3/017_v0_4_23_password_reset_request_unique.sql
new file mode 100644
index 00000000..880018f5
--- /dev/null
+++ b/controller/store/sql/sqlite3/017_v0_4_23_password_reset_request_unique.sql
@@ -0,0 +1,17 @@
+-- +migrate Up
+
+alter table password_reset_requests rename to password_reset_requests_old;
+
+CREATE TABLE password_reset_requests (
+  id                    integer             primary key,
+  token                 string              not null unique,
+  created_at            datetime            not null default(strftime('%Y-%m-%d %H:%M:%f', 'now')),
+  updated_at            datetime            not null default(strftime('%Y-%m-%d %H:%M:%f', 'now')),
+  account_id            integer             not null constraint fk_accounts_password_reset_requests references accounts on delete cascade,
+  deleted               boolean             not null default(false),
+
+  constraint chk_token check(token <> '')
+);
+
+insert into password_reset_requests select * from password_reset_requests_old;
+drop table password_reset_requests_old;
\ No newline at end of file