diff --git a/README.md b/README.md index 20f0dff..476614b 100644 --- a/README.md +++ b/README.md @@ -55,17 +55,17 @@ A deployed version can also be found on [Heroku](https://govue.herokuapp.com) Name | Type | Default | Description ---|---|---|--- -PORT | int | 3000 | http port +PORT | string | localhost:3000 | http address (accepts also port number only for heroku compability) LOG_LEVEL | string | debug | log level LOG_TEXTLOGGING | bool | false | defaults to json logging DATABASE_URL | string | postgres://postgres:postgres
@localhost:5432/gobase?sslmode=disable | PostgreSQL connection string AUTH_LOGIN_URL | string | http://localhost:3000/login | client login url as sent in login token email AUTH_LOGIN_TOKEN_LENGTH | int | 8 | length of login token -AUTH_LOGIN_TOKEN_EXPIRY | int | 11 | login token expiry in minutes -AUTH_JWT_SECRET | string | random | jwt sign and verify key - value "random" sets random 32 char secret at startup -AUTH_JWT_EXPIRY | int | 15 | jwt access token expiry in minutes -AUTH_JWT_REFRESH_EXPIRY | int | 60 | jwt refresh token expiry in minutes -EMAIL_SMTP_HOST | string || email smtp host
(if set and connection can't be established then app panics) +AUTH_LOGIN_TOKEN_EXPIRY | time.Duration | 11m | login token expiry +AUTH_JWT_SECRET | string | random | jwt sign and verify key - value "random" creates random 32 char secret at startup (and automatically invalidates existing tokens on app restarts, so during dev you might want to set a fixed value here) +AUTH_JWT_EXPIRY | time.Duration | 15m | jwt access token expiry +AUTH_JWT_REFRESH_EXPIRY | time.Duration | 1h | jwt refresh token expiry +EMAIL_SMTP_HOST | string || email smtp host (if set and connection can't be established then app panics) EMAIL_SMTP_PORT | int || email smtp port EMAIL_SMTP_USER | string || email smtp username EMAIL_SMTP_PASSWORD | string || email smtp password diff --git a/auth/handler.go b/auth/handler.go index af56f93..6bd4aba 100644 --- a/auth/handler.go +++ b/auth/handler.go @@ -130,7 +130,7 @@ func (rs *Resource) token(w http.ResponseWriter, r *http.Request) { token := &Token{ Token: uuid.NewV4().String(), - Expiry: time.Now().Add(time.Minute * rs.Token.jwtRefreshExpiry), + Expiry: time.Now().Add(rs.Token.jwtRefreshExpiry), UpdatedAt: time.Now(), AccountID: acc.ID, Mobile: ua.Mobile(), @@ -184,7 +184,7 @@ func (rs *Resource) refresh(w http.ResponseWriter, r *http.Request) { } token.Token = uuid.NewV4().String() - token.Expiry = time.Now().Add(time.Minute * rs.Token.jwtRefreshExpiry) + token.Expiry = time.Now().Add(rs.Token.jwtRefreshExpiry) token.UpdatedAt = time.Now() access, refresh, err := rs.Token.GenTokenPair(acc.Claims(), token.Claims()) diff --git a/auth/jwt.go b/auth/jwt.go index e4be29a..67f0efb 100644 --- a/auth/jwt.go +++ b/auth/jwt.go 
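Review bot: Nothing on the new side checks that `rs.Token.jwtRefreshExpiry` is a sane duration before it is added to `time.Now()` in `token` and again in `refresh`. The old code multiplied by `time.Minute`, so a deployment that still sets `AUTH_JWT_REFRESH_EXPIRY=60` would, if the value is read with viper's `GetDuration`, get 60 nanoseconds and issue refresh tokens that are already expired; zero and negative values pass through the same way. The loader is not part of this diff, so the check belongs where the field is populated: fail startup with an error naming the key when `d < time.Second`, and consider an upper bound so a typo cannot produce very long-lived tokens. The same applies to `a.jwtExpiry` and `a.jwtRefreshExpiry` in auth/jwt.go and to `a.loginTokenExpiry` in auth/logintoken.go, where `purgeExpired()` runs right after the token is added. Both handler bodies extend beyond their hunks.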
@@ -59,7 +59,7 @@ func (a *TokenAuth) GenTokenPair(ca jwtauth.Claims, cr jwtauth.Claims) (string,
 // CreateJWT returns an access token for provided account claims.
 func (a *TokenAuth) CreateJWT(c jwtauth.Claims) (string, error) {
 c.SetIssuedNow()
- c.SetExpiryIn(a.jwtExpiry * time.Minute)
+ c.SetExpiryIn(a.jwtExpiry)
 _, tokenString, err := a.JwtAuth.Encode(c)
 return tokenString, err
 }
@@ -67,7 +67,7 @@ func (a *TokenAuth) CreateJWT(c jwtauth.Claims) (string, error) {
 // CreateRefreshJWT returns a refresh token for provided token Claims.
 func (a *TokenAuth) CreateRefreshJWT(c jwtauth.Claims) (string, error) {
 c.SetIssuedNow()
- c.SetExpiryIn(time.Minute * a.jwtRefreshExpiry)
+ c.SetExpiryIn(a.jwtRefreshExpiry)
 _, tokenString, err := a.JwtAuth.Encode(c)
 return tokenString, err
 }
diff --git a/auth/logintoken.go b/auth/logintoken.go
index b3f3aa2..7e65730 100644
--- a/auth/logintoken.go
+++ b/auth/logintoken.go
@@ -44,7 +44,7 @@ func (a *LoginTokenAuth) CreateToken(id int) LoginToken {
 lt := LoginToken{
 Token: randStringBytes(a.loginTokenLength),
 AccountID: id,
- Expiry: time.Now().Add(time.Minute * a.loginTokenExpiry),
+ Expiry: time.Now().Add(a.loginTokenExpiry),
 }
 a.add(lt)
 a.purgeExpired()
diff --git a/cmd/serve.go b/cmd/serve.go
index 08e4582..6b5f161 100644
--- a/cmd/serve.go
+++ b/cmd/serve.go
@@ -38,15 +38,15 @@ func init() { RootCmd.AddCommand(serveCmd) // Here you will define your flags and configuration settings. - viper.SetDefault("port", "3000") + viper.SetDefault("port", "localhost:3000") viper.SetDefault("log_level", "debug") viper.SetDefault("auth_login_url", "http://localhost:3000/login") viper.SetDefault("auth_login_token_length", 8) - viper.SetDefault("auth_login_token_expiry", 11) // expiry in minutes + viper.SetDefault("auth_login_token_expiry", "11m") viper.SetDefault("auth_jwt_secret", "random") - viper.SetDefault("auth_jwt_expiry", 15) - viper.SetDefault("auth_jwt_refresh_expiry", 60) + viper.SetDefault("auth_jwt_expiry", "15m") + viper.SetDefault("auth_jwt_refresh_expiry", "1h") // Cobra supports Persistent Flags which will work for this command // and all subcommands, e.g.:
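Review bot: The `port` default is now a listen address bound to loopback, but neither the key name nor anything in this hunk says so, and the README states that a bare port number is still accepted. The code that expands a bare port is not in this diff; if it turns `3000` into `:3000` the server would listen on every interface, which is wider than the new default, so a comment on the `port` line stating which interface a bare port binds to would help operators. The removed `// expiry in minutes` comment also leaves the three expiry defaults undocumented; `// Go duration strings, unit required ("15m", "1h")` above them would cover it. The body of `init` continues past the hunk.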