spec checked
NIST SP 800-63B email confirmation code distinction
Distinguishes email confirmation codes used to validate email addresses from authentication processes, while cautioning that email is not an out-of-band authenticator for authentication.
Pattern Decisions This Source Supports
| Pattern | Supported decision | Required contract | Claim note |
|---|---|---|---|
| Confirm email | Choose confirm email when the service must prove that the user can access the mailbox for account activation, recovery, sensitive notifications, invitation acceptance, or a verified contact route. | The confirmation page states which email address is pending and why access to that mailbox is required. | NIST distinguishes confirmation codes sent to validate email addresses from authentication processes. |
Evidence Role
This source is treated as spec evidence. Use it to validate the decision rules above, not as a visual style reference.
Publisher: National Institute of Standards and Technology. Last checked: .