diff --git a/documentation/dsls/DSL:-AshAuthentication.Strategy.Password.md b/documentation/dsls/DSL:-AshAuthentication.Strategy.Password.md
index cdda8f7..5cfb2ca 100644
--- a/documentation/dsls/DSL:-AshAuthentication.Strategy.Password.md
+++ b/documentation/dsls/DSL:-AshAuthentication.Strategy.Password.md
@@ -137,7 +137,7 @@ end
 | [`registration_enabled?`](#authentication-strategies-password-registration_enabled?){: #authentication-strategies-password-registration_enabled? } | `boolean` | `true` | If you do not want new users to be able to register using this strategy, set this to false. |
 | [`sign_in_action_name`](#authentication-strategies-password-sign_in_action_name){: #authentication-strategies-password-sign_in_action_name } | `atom` |  | The name to use for the sign in action. Defaults to `sign_in_with_<strategy_name>` |
 | [`sign_in_enabled?`](#authentication-strategies-password-sign_in_enabled?){: #authentication-strategies-password-sign_in_enabled? } | `boolean` | `true` | If you do not want new users to be able to sign in using this strategy, set this to false. |
-| [`sign_in_tokens_enabled?`](#authentication-strategies-password-sign_in_tokens_enabled?){: #authentication-strategies-password-sign_in_tokens_enabled? } | `boolean` | `false` | Whether or not to support generating short lived sign in tokens. Requires the resource to have tokens enabled. There is no drawback to supporting this, and in the future this default will change from `false` to `true`. |
+| [`sign_in_tokens_enabled?`](#authentication-strategies-password-sign_in_tokens_enabled?){: #authentication-strategies-password-sign_in_tokens_enabled? } | `boolean` | `true` | Whether or not to support generating short lived sign in tokens. Requires the resource to have tokens enabled. |
 | [`sign_in_token_lifetime`](#authentication-strategies-password-sign_in_token_lifetime){: #authentication-strategies-password-sign_in_token_lifetime } | `pos_integer \| {pos_integer, :days \| :hours \| :minutes \| :seconds}` | `{60, :seconds}` | A lifetime for which a generated sign in token will be valid, if `sign_in_tokens_enabled?`. Unit defaults to `:seconds`. |
 
 
diff --git a/lib/ash_authentication/strategies/password/dsl.ex b/lib/ash_authentication/strategies/password/dsl.ex
index bfafeac..1f99f18 100644
--- a/lib/ash_authentication/strategies/password/dsl.ex
+++ b/lib/ash_authentication/strategies/password/dsl.ex
@@ -109,9 +109,9 @@ defmodule AshAuthentication.Strategy.Password.Dsl do
         sign_in_tokens_enabled?: [
           type: :boolean,
           doc:
-            "Whether or not to support generating short lived sign in tokens. Requires the resource to have tokens enabled. There is no drawback to supporting this, and in the future this default will change from `false` to `true`.",
+            "Whether or not to support generating short lived sign in tokens. Requires the resource to have tokens enabled.",
           required: false,
-          default: false
+          default: true
         ],
         sign_in_token_lifetime: [
           type: