I read a story yesterday that literally made my jaw drop. Job interviewers are asking potential employees for their Facebook passwords. Not just their Facebook site address, but the person's actual password so the interviewer can log into the site and have access to everything. An Associated Press piece published by Bloomberg Businessweek explained it this way:
In their efforts to vet applicants, some companies and government agencies are going beyond merely glancing at a person's social networking profiles and instead asking to log in as the user to have a look around.
Many are questioning the legalities of the practice, and the article retells the story of one person who ended the interview and withdrew his application after the request.
This story and this practice disturb me on oh-so-many levels. The pieces I've read focus on a job applicant's right to privacy, and there was the typical advice of what not to post on social media sites. I've written before that young adults don't have the same sense of privacy that older adults, who did not grow up in the electronic media age, have, and that could be a concern both in the job search and in the workplace. But this isn't about what you post publicly, but what is buried underneath and supposedly private.
However, I also see massive security implications here, and the damage of handing over your social media site password could go beyond the privacy of a job seeker's private Facebook messages and photos. Because users tend to use the same password on multiple sites, the chances are very good that the password used for Facebook is also used for other social media sites, email accounts, online retail accounts and so on. The person who now has your email and your password now has access to a whole lot of data on you.
This highlights why employers should insist that employees use unique passwords for work-related access. A better solution may be multi-authentication access - a password and another step - to access the corporate network. Or require network-related passwords be changed frequently. In any case, it is a good reason for companies to look closer at their password security.
And if you are one of those companies that ask for Facebook passwords, I'd love to know why.