When a new user clicks on the one-time login link that is sent by email, the user is taken to a page generated by user_pass_reset() that states:
This is a one-time login for %user_name and will expire on %expiration_date. Click on this button to log in to the site and change your password.
However, the message should not state that the link expires. The expiration information is only relevant to users who are resetting their passwords, not new users. If you wait a week before using the emailed link, the page incorrectly states that the link "will expire" on a date six days in the past. Nevertheless, clicking "Log in" works, proving that the expiration message is incorrect.
This is confusing for users, and also confusing for the site's admins, who end up mistakenly believing that all of the new-user one-time login links have an expiration date.