diff --git a/changelog.d/309.bugfix b/changelog.d/309.bugfix
new file mode 100644
index 00000000..d776e409
--- /dev/null
+++ b/changelog.d/309.bugfix
@@ -0,0 +1 @@
+Sydent now correctly enforces the valid characters in the `client_secret` parameter used in various endpoints.
diff --git a/sydent/util/stringutils.py b/sydent/util/stringutils.py
index fbcd7984..e41ff662 100644
--- a/sydent/util/stringutils.py
+++ b/sydent/util/stringutils.py
@@ -15,9 +15,7 @@
 import re
 
 # https://matrix.org/docs/spec/client_server/r0.6.0#post-matrix-client-r0-register-email-requesttoken
-# Note: The : character is allowed here for older clients, but will be removed in a
-# future release. Context: https://github.com/matrix-org/sydent/issues/247
-client_secret_regex = re.compile(r"^[0-9a-zA-Z\.\=\_\-\:]+$")
+client_secret_regex = re.compile(r"^[0-9a-zA-Z\.\=\_\-]+$")
 
 
 def is_valid_client_secret(client_secret):
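Review bot: The tightened pattern on the new `client_secret_regex` line in sydent/util/stringutils.py still ends in `$`, which in Python also matches just before a trailing newline. A value such as `abc\n` would therefore pass if `is_valid_client_secret` checks it with `match()` or `search()`; its body is outside this hunk, so that is worth confirming. Anchoring with `\Z` closes the gap: `client_secret_regex = re.compile(r"^[0-9a-zA-Z\.\=\_\-]+\Z")`, or the caller can use `client_secret_regex.fullmatch(client_secret)`. Since the changelog says this enforces the valid character set, a test that rejects both a `:` and a trailing newline would pin the behaviour.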