>>>>Hi,
>>>>
>>>>In a program that uses Sing-Factor Authentication (user ID and Password) I understand that each ID has to be unique. Does each user Password have to be unique too or duplicates are allowed?
>>>>
>>>>TIA
>>>
>>>If people can only log in using only a password, this password must "by definition" be unique. How should the system be able to differentiate who logs on if duplicates were allowed?
>>
>>I wrote that the authentication is to be done on both ID and the password, not only by a password.
>
>Until you implement at least a unique clause for (ID + pwd) you run the danger of not identifying correctly.
>As ID is easy to see on screen, such clause opens nearly identical risk as the unique pwd.
>While it is definately not wrong to question standards, be prepared that they often provide the most fitting answer ;-)
Thank you. Currently in my app both ID and pwd have to be unique. But since I am going to change the program (possible) to make the user enter both ID and password on log in (currently they only need to enter the password), I want to remove the requirement of the unique pwd. Mostly I will do it for the reasons described by others; to prevent a user from finding out that someone already has such-and-such password and therefore can log in under that other person's ID (in a small group of people).
"The creative process is nothing but a series of crises." Isaac Bashevis Singer
"My experience is that as soon as people are old enough to know better, they don't know anything at all." Oscar Wilde
"If a nation values anything more than freedom, it will lose its freedom; and the irony of it is that if it is comfort or money that it values more, it will lose that too." W.Somerset Maugham
