diff --git a/core/src/main/java/com/github/games647/fastlogin/core/AuthStorage.java b/core/src/main/java/com/github/games647/fastlogin/core/AuthStorage.java
index e9d0808c..904d5921 100644
--- a/core/src/main/java/com/github/games647/fastlogin/core/AuthStorage.java
+++ b/core/src/main/java/com/github/games647/fastlogin/core/AuthStorage.java
@@ -70,7 +70,7 @@ public class AuthStorage {
 
             // adding paranoid hides hostname, username, version and so
             // could be useful for hiding server details
-            config.addDataSourceProperty("paranoid", "true");
+            config.addDataSourceProperty("paranoid", true);
 
             // enable MySQL specific optimizations
             // disabled by default - will return the same prepared statement instance
diff --git a/core/src/main/java/com/github/games647/fastlogin/core/RateLimiter.java b/core/src/main/java/com/github/games647/fastlogin/core/RateLimiter.java
index 63e64244..9f422d2e 100644
--- a/core/src/main/java/com/github/games647/fastlogin/core/RateLimiter.java
+++ b/core/src/main/java/com/github/games647/fastlogin/core/RateLimiter.java
@@ -21,8 +21,8 @@ public class RateLimiter {
      * @return true if allowed
      */
     public boolean tryAcquire() {
-        // currentTime millis could be expensive on some systems
-        long now = System.currentTimeMillis();
+        // current time millis is not monotonic - it can jump back depending on user choice or NTP
+        long now = System.nanoTime() / 1_000_000;
 
         // after this the request should be expired
         long toBeExpired = now - expireTime;