Should we have a single password for all users?

No, it is better to have individual usernames and passwords. A single password for all users greatly increases the chances that it will be compromised. Assuming you discover the security leak, you then have to notify all of the users of the replacement password. Individual usernames and passwords offer many advantages:

  • Your website is more secure, because a person generally will not give away a username and password that uniquely identify him. But people often won't hesitate to give a universal password to unauthorized outsiders.
  • Any troublemaker is identifiable from his unique username. You can revoke his login privileges without affecting any other users.
  • It is easier to grant different permissions to users. For instance, you may want to allow a select group of trusted users to serve as moderators.
  • People prefer setting their own passwords.