diff --git a/index.js b/index.js
index 78babe1..5dd271e 100644
--- a/index.js
+++ b/index.js
@@ -13,9 +13,10 @@
  */
 
 var rndm = require('rndm')
-var uid = require('uid-safe')
 var compare = require('tsscmp')
 var crypto = require('crypto')
+var nanoid = require('nanoid')
+var nanoidAsync = require('nanoid/async')
 
 /**
  * Module variables.
@@ -92,7 +93,17 @@ Tokens.prototype.create = function create (secret) {
  */
 
 Tokens.prototype.secret = function secret (callback) {
-  return uid(this.secretLength, callback)
+  // validate callback is a function, if provided
+  if (callback !== undefined && typeof callback !== 'function') {
+    throw new TypeError('argument callback must be a function')
+  }
+
+  // require the callback without promises
+  if (!callback && !global.Promise) {
+    throw new TypeError('argument callback is required')
+  }
+
+  return nanoidAsync(Math.floor(this.secretLength * 8 / 5), callback)
 }
 
 /**
@@ -101,7 +112,7 @@ Tokens.prototype.secret = function secret (callback) {
  */
 
 Tokens.prototype.secretSync = function secretSync () {
-  return uid.sync(this.secretLength)
+  return nanoid(Math.floor(this.secretLength * 8 / 5))
 }
 
 /**
diff --git a/package.json b/package.json
index dff9b48..7b680b5 100644
--- a/package.json
+++ b/package.json
@@ -9,9 +9,9 @@
   "license": "MIT",
   "repository": "pillarjs/csrf",
   "dependencies": {
+    "nanoid": "2.0.0",
     "rndm": "1.2.0",
-    "tsscmp": "1.0.6",
-    "uid-safe": "2.1.5"
+    "tsscmp": "1.0.6"
   },
   "devDependencies": {
     "beautify-benchmark": "0.2.4",