diff --git a/src/mibew/libs/classes/Mibew/Controller/PasswordRecoveryController.php b/src/mibew/libs/classes/Mibew/Controller/PasswordRecoveryController.php
index fdae8cee..102b2c33 100644
--- a/src/mibew/libs/classes/Mibew/Controller/PasswordRecoveryController.php
+++ b/src/mibew/libs/classes/Mibew/Controller/PasswordRecoveryController.php
@@ -78,7 +78,7 @@ class PasswordRecoveryController extends AbstractController
             if (count($page['errors']) == 0) {
                 $token = sha1($to_restore['vclogin'] . (function_exists('openssl_random_pseudo_bytes')
                     ? openssl_random_pseudo_bytes(32)
-                    : (time() + microtime()) . mt_rand(0, 99999999)));
+                    : (time() + microtime(true)) . mt_rand(0, 99999999)));
 
                 // Update the operator
                 $to_restore['dtmrestore'] = time();
diff --git a/src/mibew/libs/common/csrf.php b/src/mibew/libs/common/csrf.php
index 7dd8d7bd..6e83f265 100644
--- a/src/mibew/libs/common/csrf.php
+++ b/src/mibew/libs/common/csrf.php
@@ -67,6 +67,6 @@ function set_csrf_token()
     if (!isset($_SESSION[SESSION_PREFIX . 'csrf_token'])) {
         $_SESSION[SESSION_PREFIX . 'csrf_token'] = sha1(session_id() . (function_exists('openssl_random_pseudo_bytes')
             ? openssl_random_pseudo_bytes(32)
-            : (time() + microtime()) . mt_rand(0, 99999999)));
+            : (time() + microtime(true)) . mt_rand(0, 99999999)));
     }
 }