Yes, the user id should be numeric.
for a verify password field, you would use Server Validation included with Form Toolkit or CSS Form builder, use like entry validation to compare the first password field and the second.
The forgot password page is used after the user registers and tries to login, but has forgotten their password, this would occur after the double opt in, in other words, double opt in has no bearing on the forgot password page, they are two separate stages of the user experience.