diff --git a/packages/functional-tests/lib/targets/base.ts b/packages/functional-tests/lib/targets/base.ts
index 8748fa27a35..586b35876a8 100644
--- a/packages/functional-tests/lib/targets/base.ts
+++ b/packages/functional-tests/lib/targets/base.ts
@@ -52,14 +52,19 @@ export abstract class BaseTarget {
     readonly authServerUrl: string,
     emailUrl?: string
   ) {
+    // Default to v2 key stretching — that's the state new accounts are
+    // created in nowadays. Creating accounts as v1 here means the first
+    // sign-in triggers a v1→v2 upgrade (password/change/start + finish)
+    // that bumps account.verifierSetAt; subsequent OAuth /authorization
+    // calls reusing the cached session then 401 on assertion validation.
     const keyStretchVersion = parseInt(
-      process.env.AUTH_CLIENT_KEY_STRETCH_VERSION || '1'
+      process.env.AUTH_CLIENT_KEY_STRETCH_VERSION || '2'
     );
     this.authClient = this.createAuthClient(keyStretchVersion);
     this.emailClient = new EmailClient(emailUrl);
   }
 
-  createAuthClient(keyStretchVersion = 1): AuthClient {
+  createAuthClient(keyStretchVersion = 2): AuthClient {
     if (![1, 2].includes(keyStretchVersion)) {
       throw new Error(
         `Invalid keyStretchVersion =${keyStretchVersion}. The` +
diff --git a/packages/functional-tests/tests/misc/authClientV2.spec.ts b/packages/functional-tests/tests/misc/authClientV2.spec.ts
index 60217a782fd..536ac620b04 100644
--- a/packages/functional-tests/tests/misc/authClientV2.spec.ts
+++ b/packages/functional-tests/tests/misc/authClientV2.spec.ts
@@ -51,7 +51,8 @@ test.describe('auth-client-tests', () => {
     target,
     testAccountTracker,
   }) => {
-    const client = target.authClient;
+    // target.authClient defaults to v2 now; force v1 for this test.
+    const client = target.createAuthClient(1);
     const { email, password } = testAccountTracker.generateAccountDetails();
 
     await signUp(client, email, password, target);
@@ -127,7 +128,8 @@ test.describe('auth-client-tests', () => {
     target,
     testAccountTracker,
   }) => {
-    const client = target.authClient;
+    // target.authClient defaults to v2 now; force v1 for this test.
+    const client = target.createAuthClient(1);
     const { email, password } = testAccountTracker.generateAccountDetails();
 
     await signUp(client, email, password, target);