diff --git a/browserid/static/dialog/resources/user.js b/browserid/static/dialog/resources/user.js
index 468c0519b54f58ee2c1ff5e0d5b49d9e03c223fd..41ef20573ca0156381b18d051b2c43c24e8de522 100644
--- a/browserid/static/dialog/resources/user.js
+++ b/browserid/static/dialog/resources/user.js
@@ -535,7 +535,9 @@ BrowserID.User = (function() {
         function createAssertion(idInfo) {
           network.serverTime(function(serverTime) {
             var sk = jwk.SecretKey.fromSimpleObject(idInfo.priv);
-            var tok = new jwt.JWT(null, serverTime, origin);
+            // assertions are valid for 2 minutes
+            var expiration = serverTime + (2 * 60 * 1000);
+            var tok = new jwt.JWT(null, expiration, origin);
             assertion = vep.bundleCertsAndAssertion([idInfo.cert], tok.sign(sk));
             if (onSuccess) {
               onSuccess(assertion);