diff --git a/backend/src/schema/resolvers/passwordReset.js b/backend/src/schema/resolvers/passwordReset.js
index 83a1080d0..f3e1d32d2 100644
--- a/backend/src/schema/resolvers/passwordReset.js
+++ b/backend/src/schema/resolvers/passwordReset.js
@@ -1,7 +1,18 @@
 export default {
   Mutation: {
     requestPasswordReset: async (_, { email }, { driver }) => {
-      throw Error('Not Implemented')
+      const session = driver.session()
+      let validUntil = new Date()
+      validUntil += 3*60*1000
+      const cypher = `
+      MATCH(u:User) WHERE u.email = $email
+      CREATE(pr:PasswordReset {id: apoc.create.uuid(), validUntil: $validUntil, redeemedAt: NULL})
+      MERGE (u)-[:REQUESTED]->(pr)
+      RETURN u,pr
+      `
+      await session.run(cypher, { email, validUntil })
+      session.close()
+      return true
     },
     resetPassword: async (_, { email, token, newPassword }, { driver }) => {
       throw Error('Not Implemented')
diff --git a/backend/src/schema/resolvers/passwordReset.spec.js b/backend/src/schema/resolvers/passwordReset.spec.js
index d07ca4b09..3b0d39864 100644
--- a/backend/src/schema/resolvers/passwordReset.spec.js
+++ b/backend/src/schema/resolvers/passwordReset.spec.js
@@ -34,7 +34,7 @@ describe('passwordReset', () => {
     const mutation = `mutation($email: String!) { requestPasswordReset(email: $email) }`
 
     it('resolves', async () => {
-      await expect(client.request(mutation, variables)).resolves.toEqual(true)
+      await expect(client.request(mutation, variables)).resolves.toEqual({"requestPasswordReset": true})
     })
 
     it('creates node with label `PasswordReset`', async () => {
@@ -42,5 +42,22 @@ describe('passwordReset', () => {
       const resets = await getAllPasswordResets()
       expect(resets).toHaveLength(1)
     })
+
+    it('creates an id used as a reset token', async () => {
+      await client.request(mutation, variables)
+      const [reset] = await getAllPasswordResets()
+      const { id: token } = reset.properties
+      expect(token).toMatch(/^........-....-....-....-............$/)
+    })
+
+    it('created PasswordReset is valid for less than 4 minutes', async () => {
+      await client.request(mutation, variables)
+      const [reset] = await getAllPasswordResets()
+      let { validUntil } = reset.properties
+      validUntil = Date.parse(validUntil)
+      const now = (new Date()).getTime()
+      expect(validUntil).toBeGreaterThan(now - 60*1000)
+      expect(validUntil).toBeLessThan(now + 4*60*1000)
+    })
   })
 })