Best practices for email confirmation codes

Question

I\'m creating a PHP website which involves users signing up, and I\'m wondering about best practices for \"email confirmation\" codes.

New users must confirm their e

Answer 1

Why not ask the user to enter their username and their code, thereby eliminating any problem with collision? You don't lose anything security-wise as you're still asking for the key which they'd get from the email, but you'd stop them being able to reset other users' passwords.