diff --git a/README.md b/README.md
index 6fe49a7..329dffd 100644
--- a/README.md
+++ b/README.md
@@ -323,6 +323,8 @@ DEFAULTS = {
 # Token Generation Retry Count
 'PASSWORDLESS_TOKEN_GENERATION_ATTEMPTS': 3
+ # The length of the token to send in email or sms, maximum 6
+ 'PASSWORDLESS_TOKEN_LENGTH': 6
 }
 ```
diff --git a/drfpasswordless/models.py b/drfpasswordless/models.py
index d09f3fc..b07b16f 100644
--- a/drfpasswordless/models.py
+++ b/drfpasswordless/models.py
@@ -3,6 +3,7 @@ from django.conf import settings
 import string
 from django.utils.crypto import get_random_string
+from drfpasswordless.settings import api_settings
 def generate_hex_token():
 return uuid.uuid1().hex
@@ -13,7 +14,7 @@ def generate_numeric_token():
 Generate a random 6 digit string of numbers.
 We use this formatting to allow leading 0s.
 """
- return get_random_string(length=6, allowed_chars=string.digits)
+ return get_random_string(length=api_settings.PASSWORDLESS_TOKEN_LENGTH, allowed_chars=string.digits)
 class CallbackTokenManger(models.Manager):
diff --git a/drfpasswordless/serializers.py b/drfpasswordless/serializers.py
index 6ce1523..1ed61bc 100644
--- a/drfpasswordless/serializers.py
+++ b/drfpasswordless/serializers.py
@@ -175,7 +175,7 @@ class AbstractBaseCallbackTokenSerializer(serializers.Serializer):
 email = serializers.EmailField(required=False) # Needs to be required=false to require both.
 mobile = serializers.CharField(required=False, validators=[phone_regex], max_length=17)
- token = TokenField(min_length=6, max_length=6, validators=[token_age_validator])
+ token = TokenField(min_length=api_settings.PASSWORDLESS_TOKEN_LENGTH, max_length=api_settings.PASSWORDLESS_TOKEN_LENGTH, validators=[token_age_validator])
 def validate_alias(self, attrs):
 email = attrs.get('email', None)
diff --git a/drfpasswordless/settings.py b/drfpasswordless/settings.py
index 5b93197..c9bd842 100644
--- a/drfpasswordless/settings.py
+++ b/drfpasswordless/settings.py
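Review bot: In drfpasswordless/models.py, `generate_numeric_token` now passes `api_settings.PASSWORDLESS_TOKEN_LENGTH` straight to `get_random_string` with no bounds check, so a deployment that sets a small value issues a login token with only 10^n possible values, and nothing visible here enforces the "maximum 6" that the README and settings.py comments state. The setting should be validated once where it is read, rejecting a non-integer or out-of-range value with Django's `ImproperlyConfigured`, and both comments should state the minimum alongside the maximum and the reason for the cap. The docstring kept as context still says "Generate a random 6 digit string of numbers."; it could become `Generate a random numeric string of PASSWORDLESS_TOKEN_LENGTH digits.` The function's `def` line and opening docstring quotes sit above the hunk.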
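Review bot: The `token` field in `AbstractBaseCallbackTokenSerializer` evaluates `api_settings.PASSWORDLESS_TOKEN_LENGTH` in the class body, so `min_length` and `max_length` are fixed when serializers.py is imported, while `generate_numeric_token` reads the setting on every call. If the value changes after import (for example under a test settings override, assuming `api_settings` reloads the way DRF-style settings objects usually do), freshly issued tokens would be rejected on length before `token_age_validator` runs. The same happens to tokens issued before a deployment changes the length. A comment on the field such as `# Length bounds are read once at import; must match generate_numeric_token()` would document this, or the bounds could be set in `__init__` instead. The class body starts above the hunk and continues below it.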
@@ -89,7 +89,10 @@
 'PASSWORDLESS_SMS_CALLBACK': 'drfpasswordless.utils.send_sms_with_callback_token',
 # Token Generation Retry Count
- 'PASSWORDLESS_TOKEN_GENERATION_ATTEMPTS': 3
+ 'PASSWORDLESS_TOKEN_GENERATION_ATTEMPTS': 3,
+
+ # The length of the token to send in email or sms, maximum 6
+ 'PASSWORDLESS_TOKEN_LENGTH': 6
 }
 # List of settings that may be in string import notation.