Do unused reset tokens actually expire?

If you try to use a token that has already been consumed, the error message says message: "Token expired [403]"

If it remains unused, does it remain in perpetuity or does it expire after a given period?

It seems that Accounts will only keep one reset token at a time.

Thus, if a user requests a reset twice, the first reset token is expired.

The second one will sit it out in perpetuity until it is consumed.