diff --git a/mailbox-core/src/main/java/org/briarproject/mailbox/core/setup/SetupManager.kt b/mailbox-core/src/main/java/org/briarproject/mailbox/core/setup/SetupManager.kt
index 37e4f518148de33390e4de313ce118cf40f8a31b..eb07a5ed5186baf822b8bad58cff56273520a6df 100644
--- a/mailbox-core/src/main/java/org/briarproject/mailbox/core/setup/SetupManager.kt
+++ b/mailbox-core/src/main/java/org/briarproject/mailbox/core/setup/SetupManager.kt
@@ -29,7 +29,7 @@ class SetupManager @Inject constructor(
     fun restartSetup() {
         val settings = Settings()
         settings[SETTINGS_SETUP_TOKEN] = randomIdManager.getNewRandomId()
-        settings[SETTINGS_OWNER_TOKEN] = "" // we can't remove or null, so we need to empty it
+        settings[SETTINGS_OWNER_TOKEN] = null
         settingsManager.mergeSettings(settings, SETTINGS_NAMESPACE_OWNER)
     }
 
diff --git a/mailbox-core/src/test/java/org/briarproject/mailbox/core/setup/SetupManagerTest.kt b/mailbox-core/src/test/java/org/briarproject/mailbox/core/setup/SetupManagerTest.kt
index aa4ad01edf673a4270f07fc2fdc98565a5c4d6e0..ca509825b8d0686e90acfce4ce91be2f601bc21e 100644
--- a/mailbox-core/src/test/java/org/briarproject/mailbox/core/setup/SetupManagerTest.kt
+++ b/mailbox-core/src/test/java/org/briarproject/mailbox/core/setup/SetupManagerTest.kt
@@ -95,6 +95,13 @@ class SetupManagerTest : IntegrationTest() {
             assertNull(setupManager.getSetupToken(txn))
             assertEquals(setupManager.getOwnerToken(txn), response.token)
         }
+        // setup token can no longer be used
+        assertEquals(
+            HttpStatusCode.Unauthorized,
+            httpClient.put<HttpResponse>("$baseUrl/setup") {
+                authenticateWithToken(token)
+            }.status
+        )
     }
 
     @Test