Currently tokens created to access projects via CLI don't expire at all. Having the ability to let tokens expire is highly recommended and is considered one of the standard security practices that helps keep accounts secure. It should be possible to let them expire after say 1, 3, 5, 7, 30, 60, 90, 120, 150 or 180 days.

Having a notification email once tokens are about to expire would improve the flow when working with them.