DBA: Do you want usernames to be unique?
DBA: Should passwords be unique as well?
(later that day)
DBA: Shouldn’t we require passwords to be unique?
DBA: Are you sure?
Developer: <15 minutes of explanation as to why different users are not required to have different passwords, just usernames>
DBA: Your procedure doesn’t return a specific error message.
Developer: It’s a security issue, and should only return “Invalid Username/Password Combo.”
DBA: So if they get the username wrong, but the password correct you’re not going to display a specific message?
Full text found here.