The problem is not really with the string - in my opinion
The problem for me is that I end up with two screens open in my browser
forgot-password?layout=confirm
and
forgot-password?layout=confirm&token=
and we really should have seperate strings for each

An email has been sent to your email address. The email has a verification code, please paste the verification code in the field below and enter your username to prove that you are the owner of this account.

Please enter your username to prove that you are the owner of this account.

Ok. my problem is that this would mean we need to break the view https://github.com/joomla/joomla-cms/blob/staging/components/com_users/views/reset/tmpl/confirm.php as the language string comes from this line https://github.com/joomla/joomla-cms/blob/staging/components/com_users/models/forms/reset_confirm.xml#L3.

That is the reason i suggested a language string change over an view change.

Conditional string?

Yes this is possible but this would still mean to modify the view php code which I would like to avoid.

If you dont have two strings then one of the views will always read wrong - to me at least. Others may disagree

The only difference, and the same exists with the privacy confirmation stuff, is basically whether the token field was prefilled because you have a token= value in the query string. It's not enough to warrant two separate views, and IMO it's flaky behavior at best to have a different string based on whether the token has a value from the request (because there's no guarantee it's actually the right token either, stuff ?token=abcd in on the URL and see what happens).

Two strings would be the way to go if you change anything.

Ok closing here than. Thanks!