diff --git a/libraries/access-token-encryptor/lib/coffee/AccessTokenEncryptor.coffee b/libraries/access-token-encryptor/lib/coffee/AccessTokenEncryptor.coffee
index 3a354c4e8d..31fb89c9bb 100644
--- a/libraries/access-token-encryptor/lib/coffee/AccessTokenEncryptor.coffee
+++ b/libraries/access-token-encryptor/lib/coffee/AccessTokenEncryptor.coffee
@@ -21,20 +21,6 @@ class AccessTokenEncryptor
 throw Error("cipherPassword too short") if @cipherPassword.length < 16
 encryptJson: (json, callback) ->
- unless ["2015.1", "2016.1"].includes(@cipherLabel)
- return @encryptJsonV2(json, callback)
-
- string = JSON.stringify(json)
- salt = crypto.randomBytes(16)
- keyFn @cipherPassword, salt, (err, key) =>
- if err?
- logger.err err:err, "error getting Fn key"
- return callback(err)
- cipher = crypto.createCipher(ALGORITHM, key)
- crypted = cipher.update(string, 'utf8', 'base64') + cipher.final('base64')
- callback(null, @cipherLabel + ":" + salt.toString('hex') + ":" + crypted)
-
- encryptJsonV2: (json, callback) ->
 string = JSON.stringify(json)
 crypto.randomBytes 32, (err, bytes) =>
 return callback(err) if err
@@ -53,11 +39,15 @@ class AccessTokenEncryptor
 decryptToJson: (encryptedJson, callback) ->
 [label, salt, cipherText, iv] = encryptedJson.split(':', 4)
- if iv and iv.length > 0
- return @decryptToJsonV2(encryptedJson, callback)
-
 password = @settings.cipherPasswords[label]
 return callback(new Error("invalid password")) if not password? or password.length < 16
+
+ if iv
+ @decryptToJsonV2(password, salt, cipherText, iv, callback)
+ else
+ @decryptToJsonV1(password, salt, cipherText, callback)
+
+ decryptToJsonV1: (password, salt, cipherText, callback) ->
 keyFn password, Buffer.from(salt, 'hex'), (err, key) =>
 if err?
 logger.err err:err, "error getting Fn key"
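Review bot: `encryptJsonV2` disappears as a named method and its body is folded into `encryptJson`, so any caller outside this file that invoked `encryptJsonV2` directly would now fail; the hunk does not show whether such callers exist. Since `decryptToJson` still accepts two token shapes, a one-line comment on `encryptJson` would help a maintainer, e.g. `# always emits the current (v2) token format; legacy v1 tokens are decrypt-only`. The body of `encryptJson` continues past the end of the hunk.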
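Review bot: The new `if iv` dispatch in `decryptToJson` relies on the `password` check just above it as the only gate for both paths, and that check does not reject a non-string value: `label` comes from the token itself, and a lookup on a plain object such as `@settings.cipherPasswords[label]` can return an inherited property for a label like `__proto__`, whose `.length` is `undefined`, so `password.length < 16` is false and the object is handed to `decryptToJsonV1`/`decryptToJsonV2` as key material. Tightening the guard to `return callback(new Error("invalid password")) unless typeof password is 'string' and password.length >= 16` (or additionally requiring `Object::hasOwnProperty.call(@settings.cipherPasswords, label)`) closes that gap for both paths. The `if iv` test itself is equivalent to the removed `iv and iv.length > 0`, since `split(':', 4)` yields `undefined` or `''` for a three-part token. `decryptToJsonV1`'s body continues outside the hunk.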
@@ -68,13 +58,9 @@ class AccessTokenEncryptor
 json = JSON.parse(dec)
 catch e
 return callback(new Error("error decrypting token"))
- callback(null, json)
-
- decryptToJsonV2: (encryptedJson, callback) ->
- [label, salt, cipherText, iv] = encryptedJson.split(':', 4)
- password = @settings.cipherPasswords[label]
- return callback(new Error("invalid password")) if not password? or password.length < 16
+ callback(null, json, true)
+ decryptToJsonV2: (password, salt, cipherText, iv, callback) ->
 keyFn32 password, Buffer.from(salt, 'hex'), 32, (err, key) =>
 if err?
 logger.err err:err, "error getting Fn key"
diff --git a/libraries/access-token-encryptor/test/unit/coffee/AccessTokenEncryptorTests.coffee b/libraries/access-token-encryptor/test/unit/coffee/AccessTokenEncryptorTests.coffee
index 59b1b61a8d..e99f0ebee2 100644
--- a/libraries/access-token-encryptor/test/unit/coffee/AccessTokenEncryptorTests.coffee
+++ b/libraries/access-token-encryptor/test/unit/coffee/AccessTokenEncryptorTests.coffee
@@ -37,14 +37,6 @@ describe 'AccessTokenEncryptor', ->
 encrypted1.should.not.equal(encrypted2)
 done()
- it 'should encrypt the object in v1 format for an old label', (done)->
- @settings.cipherLabel = "2016.1"
- @encryptor = new @AccessTokenEncryptor(@settings)
- @encryptor.encryptJson @testObject, (err, encrypted)->
- expect(err).to.be.null
- encrypted.should.match(/^2016.1:[0-9a-f]{32}:[a-zA-Z0-9=+\/]+$/)
- done()
-
 describe "decrypt", ->
 it 'should decrypt the string to get the same object', (done)->
 @encryptor.encryptJson @testObject, (err, encrypted) =>
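Review bot: The new third argument in `callback(null, json, true)` is an undocumented positional flag; a reader of `decryptToJsonV1` cannot tell what `true` means, and whether `decryptToJsonV2` passes a matching value is outside the hunk. Presumably it marks the result as coming from a legacy (v1) token so callers can re-encrypt it; a comment directly above the call such as `# third arg: true => token was in the legacy v1 format (caller may want to re-encrypt)` would pin that down, and the callback contract could be stated once on `decryptToJson`. The enclosing `decryptToJsonV1` starts before this hunk and `decryptToJsonV2`'s body continues after it.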