>>>Hi,
>>>
>>>In a program that uses Sing-Factor Authentication (user ID and Password) I understand that each ID has to be unique. Does each user Password have to be unique too or duplicates are allowed?
>>>
>>>TIA
>>
>>If people can only log in using only a password, this password must "by definition" be unique. How should the system be able to differentiate who logs on if duplicates were allowed?
>
>I wrote that the authentication is to be done on both ID and the password, not only by a password.

Until you implement at least a unique clause for (ID + pwd) you run the danger of not identifying correctly.
As ID is easy to see on screen, such clause opens nearly identical risk as the unique pwd.
While it is definately not wrong to question standards, be prepared that they often provide the most fitting answer ;-)