diff --git a/store/account_test.go b/store/account_test.go
index 19cef0a..5a6a4cf 100644
--- a/store/account_test.go
+++ b/store/account_test.go
@@ -320,3 +320,33 @@ func TestStoreUpdateVerifyTokenStringAccountNotExists(t *testing.T) {
 		t.Fatalf(`UpdateVerifyTokenString error for nonexistant account: wanted "%+v", got "%+v."`, ErrWrongCredentials, err)
 	}
 }
+
+
+// Test VerifyAccount for existing account
+func TestUpdateVerifyAccountSuccess(t *testing.T) {
+	s, sqliteTmpFile := StoreTestInit(t)
+	defer StoreTestCleanup(sqliteTmpFile)
+
+	verifyTokenString := auth.VerifyTokenString("abcd1234abcd1234abcd1234abcd1234")
+	time1 := time.Time{}
+
+	_, email, password, createdSeed := makeTestUser(t, &s, verifyTokenString, &time1)
+
+	// we're not testing normalization features so we'll just use this here
+	normEmail := email.Normalize()
+
+	if err := s.VerifyAccount( verifyTokenString); err != nil {
+		t.Fatalf("Unexpected error in VerifyAccount: err: %+v", err)
+	}
+	expectAccountMatch(t, &s, normEmail, email, password, createdSeed, "", nil)
+}
+
+// Test VerifyAccount for nonexisting token
+func TestStoreVerifyAccountTokenNotExists(t *testing.T) {
+	s, sqliteTmpFile := StoreTestInit(t)
+	defer StoreTestCleanup(sqliteTmpFile)
+
+	if err := s.VerifyAccount("abcd1234abcd1234abcd1234abcd1234"); err != ErrNoTokenForUser {
+		t.Fatalf(`VerifyAccount error for nonexistant token: wanted "%+v", got "%+v."`, ErrNoTokenForUser, err)
+	}
+}
diff --git a/store/store.go b/store/store.go
index b7ff2a7..b38e11a 100644
--- a/store/store.go
+++ b/store/store.go
@@ -125,7 +125,7 @@ func (s *Store) Migrate() error {
 			key TEXT NOT NULL,
 			client_salt_seed TEXT NOT NULL,
 			server_salt TEXT NOT NULL,
-			verify_token TEXT NOT NULL,
+			verify_token TEXT NOT NULL UNIQUE, -- will query by token when verifying
 			verify_expiration DATETIME,
 			user_id INTEGER PRIMARY KEY AUTOINCREMENT,
 			CHECK (
@@ -425,7 +425,22 @@ func (s *Store) UpdateVerifyTokenString(email auth.Email, verifyTokenString auth
 	return
 }
 
-func (s *Store) VerifyAccount(auth.VerifyTokenString) (err error) {
+func (s *Store) VerifyAccount(verifyTokenString auth.VerifyTokenString) (err error) {
+	res, err := s.db.Exec(
+		"UPDATE accounts SET verify_token=?, verify_expiration=? WHERE verify_token=?",
+		"", nil, verifyTokenString,
+	)
+	if err != nil {
+		return
+	}
+
+	numRows, err := res.RowsAffected()
+	if err != nil {
+		return
+	}
+	if numRows == 0 {
+		err = ErrNoTokenForUser
+	}
 	return
 }