back to article Facebook: Your boss asks for your password, we'll sue him! Maybe

Facebook's Chief Privacy Officer has condemned employers who ask for the Facebook log-ins of employees or job applicants. It comes after a young man blogged that a potential employer had asked for his Facebook password during a job interview. In a note on the Privacy page added this morning, FB Privacy honcho Erin Egan also …

COMMENTS

This topic is closed for new posts.
  1. Cameron Colley

    Wow, not often Facebook do somthing I agree with.

    Does this mean if your employer, or potential employer, asks for your password you can say "No way, Dumb Fuck!"?

    1. ShelLuser

      @Cameron

      Careful now with hasty assumptions.

      For all we know they might also consider to offer those companies a deal they can't refuse.

    2. Anonymous Coward
      Anonymous Coward

      can't

      Wait for the test case

    3. Anonymous Coward
      Anonymous Coward

      Re: Wow, not often Facebook do somthing I agree with.

      Sigh, so you fell for that then?

      Don't forget that words are seriously cheap - it's only in actions that you learn intent. If you need any other examples, think of teh "Do no evil" Google.

      Sjeez, people believe anything these days..

      1. GitMeMyShootinIrons

        Re: Wow, not often Facebook do somthing I agree with.

        I agree. The words are pretty, but I still wouldn't trust them 100%. Credit to them though for their position.

        If a prospective employer asked me to give them those details, I'd leave the interview. I wouldn't want to work for a company that wanted to even ask if they could pry into my own private life.

        1. Tom 13

          Re: If a prospective employer asked me to give them those details,

          I've been thinking about what the appropriate response to such a question would be. I did consider the walk out route. But I think I came up with a better one:

          No, I won't give you the password to my Facebook account. If you want to see my Facebook page, send me a friend invite and tell me the name now and I will approve you as a friend. But if I give you the password to my Facebook account, you'll never be able to trust that I won't give someone my password to your company system accounts.

          I don't object to them seeing my Facebook page. I don't believe I have anything incriminating there, if I did it would be gone in a New York minute. If don't want to friend them, just use the last part and turn it around on them.

    4. Anonymous Coward
      Anonymous Coward

      Re: Wow, not often Facebook do somthing I agree with.

      Of course if gave my own personal information away so easily you can bet your life I'll sell your company secrets for a wage too.

      Quid pro quo

    5. Haku

      Re: Wow, not often Facebook do somthing I agree with.

      Basically Facebook want to protect the data on their network, the fact that it happens to be data you put into their network doesn't have much to do with it.

      1. h4rm0ny

        Re: Wow, not often Facebook do somthing I agree with.

        Way I see it, Facebook's objection is that the boss is viewing the data without having to pay them for it.

  2. WonkoTheSane
    Trollface

    Do what I'd do...

    Tell them you don't have a Farceberk profile.

    (Except I wouldn't be lying)

    1. Anonymous Coward
      Anonymous Coward

      Re: Do what I'd do...

      It would almost be worth setting up a facebook account so you can hand over the login and then report them for abuse.

      What sort of reasonable employer cares what you do outside work anyway?

      1. Anonymous Coward
        Anonymous Coward

        Re: Do what I'd do...

        "What sort of reasonable employer cares what you do outside work anyway?"

        A lot of them, if recent trends are any indication. It's been quite some time since a month went by that I didn't hear about someone getting in trouble at work for something on their Facebook, and I've even been asked to investigate a case of an inappropriate post on behalf of my employer (the employee in question was a teacher who had stupidly asked his student's to friend him then posted cover art from smut novels, but still...)

      2. Stan Wright

        Re: Do what I'd do...

        Report them to whom? Facebook's policies don't apply to third party employers. Facebook can make up any rule it likes, but it's powerless to make anyone obey.

        1. Ommerson
          Stop

          Re: Do what I'd do...

          An employer coercing credentials out of a candidate and then using them against Facebook's terms of service may be committing a number of criminal offences.

    2. Anonymous Coward
      Anonymous Coward

      Re: Do what I'd do...

      I did just that recently in a Job Interview.

      Q: What are your Facebook, Twitter and LinkedIn ID's.

      A: I'm awfully sorry. I don't have an account on any of those services.

      Then I spent the rest of the interview defending my so called 'Luddite' attitude.

      My simple explanation was that, yes I was on LinkedIn once. I linked up with some old friends. From their lax security, someone else was able to find out a lot about me and my history. They then attempted to steal an my Identity. This attack included forging a passport and other documents in my name. Then they 'sold' my car on the internet.

      It took me more than a year to fix my identity.

      After 30 minutes of being called a luddite, I walked out with the parting words,

      'The world would be a better place if more people were concerned about their privacy. If exposing myself on the internet is a condition of employment then I'm not interested'.

      Anon naturally.

      1. Anonymous Coward
        Anonymous Coward

        Re: Do what I'd do...

        It's alright if you're applying for a job that isn't anything to do with the internet.

        If you're a web dev / columnist, unfortunately, you either give it to them, or you won't get the job.

        Imagine a web dev / columnist that says he hardly connects to the net.

        We're stuck between a rock and a hard place.

        1. Chris 3

          Re: Do what I'd do...

          Yeh, because I bet HR has all the login details for every hack who works on El Reg.

          Personally, if I were asked, I would say

          "I'm assuming you are asking this to see whether I am sufficiently Internet savvy to be aware of the issues involved in sharing a password with someone, both in terms of breaking the EULA , and the possible problems in employment law, opening a potential employer up to accusations that they made their decision based on marital status, sexual orientation etc... so the correct answer is, 'i'm afraid I have to decline'.

          I don't give anyone my passwords, ever.

          1. Fred Flintstone Gold badge
            Stop

            Thank you, exactly my opinion too.

            If I was prepared to give up my own privacy for a financial incentive, there is always the possibility I might do so too for corporate resources. Nope.

            Besides, if they want to look they can see the public data. The rest is 100% my own (not that there is anything I do not expose business contacts or family relations via anything online).. For the rest, tough luck.

        2. Anonymous Coward
          Anonymous Coward

          Re: Do what I'd do...

          2 accounts! If have to explain what I mean by that then well ...

          Just say to them I dont have time for Losserbook, you would rather be working than being apart of creating the next episode of Jeremy Kyle.

        3. moiety

          Re: Do what I'd do...

          I don't do facebook because I work on the internet. I know enough about how it works to know, absolutely, that I want no part of it.

      2. Anonymous Coward
        Anonymous Coward

        'Luddite' attitude

        Oh! So those who are clever enough to realise that FB is an unneccesary waste of time, because we can still contact our friends and colleagues without posting on a "wall" are now considered Luddites'?

        What a fool! I'd have laughed at them and pointed out the errors in their thinking!

    3. Anonymous Coward
      Anonymous Coward

      Ludd was a liberal

      The question requires three responses

      1) I don't have any social networking accounts

      2) If I I did I wouldn't give you the logins

      3) Goodbye

  3. asdf Silver badge
    FAIL

    Translation: dont muscle in on our racket

    Of course FB doesn't want companies to get employee information for free. Selling information is FB main revenue stream after all.

    1. Alan W. Rateliff, II
      Paris Hilton

      Re: Translation: dont muscle in on our racket

      I was thinking this, myself. I then carried it further to Facebook offering a "sneak peek" service for employers to buy into to investigate applicants.

      Paris, offering a "sneak peek," but not for free, of course.

  4. jacobbe
    WTF?

    protect yourself

    After a bad experience with an employer not honouring a perk offered verbally in an interview situation, i now tape any job interviews. I think that it is prudent to protect yourself from this nonsenese.

    Any employer asking for passwords is a very bad sign. It is probably not worth taking the job.

    1. Anonymous Coward
      Anonymous Coward

      Re: protect yourself

      Be careful.

      Taping without the other party's consent is illegal in some countries (intercept law), and in the UK you may tape unannounced, but only for your own use. Even if you correct your notes using a recording you are no longer able to use them in court - but that obviously pre-supposes anyone finds out that you taped it first..

      But yes, having a recording is so much easier..

      1. Tom 13

        Re: Taping without the other party's consent is illegal

        Protecting yourself there is simple: At the start of the interview you explain you are taping to protect your legal interests, and if they object you walk out of the interview.

    2. Gordon 10 Silver badge

      Re: protect yourself

      WTF. Think about this. If an employer is wankish enough not to give you something they offered in the interview without a reasonable explanation then why work for them? If its not explicitly written into your contract or offer letter you shouldn't expect it - that's your point of maximum negotiating strength.

      And as for recording the interview. If an interviewee asked me to record our conversation they would be out of there so fast their head one spin. I would't employ anyone whose unwilling to start on a basis of a shared professional trust.

      1. Anonymous Coward
        Anonymous Coward

        Re: protect yourself

        "And as for recording the interview. If an interviewee asked me to record our conversation they would be out of there so fast their head one spin. I would't employ anyone whose unwilling to start on a basis of a shared professional trust."

        Every company I know of insists on recording every time I call them - where is the mutual professional trust there?

        Yet you (and others) insist that it's some sort of breach of trust if a current or prospective employee asks to record a conversation with you? Are you really that scared you'll get caught out in a lie?!?

        Given that recording a conversation can protect both sides, if one side is extremely anti recording, it makes me doubt their trustworthiness.

  5. heyrick Silver badge

    Flat NO.

    A pushy employer can *look* at my profile on my mobile, while I am present, but no way in hell I'd let anybody have my password just because they ask.

    That said, even *with* my password, it would be no good. Logins from unknown devices need a code sequence entered before anything happens.

    Employer wants password *and* authorisation? Fine. You hand me the legal warrant and I'll hand you the info, else piss off. What is to stop them, then, posting as you? Or anybody if they are lazy with how this information is stored. What next, copies of my house keys so the boss can rummage around one rainy weekend?

    1. Sir Runcible Spoon Silver badge

      Sir

      "What next?"

      Your pin number and debit card - I'd just like to have a quick look at your account to verify you aren't in debt (yet).

      1. Anonymous Coward
        Anonymous Coward

        Re: Sir

        My employer does credit checks on some staff (e.g. ones handling large amounts of money).

        Seems reasonable enough to me.

        1. Anonymous Coward
          Anonymous Coward

          Re: ones handling large amounts of money

          I'll find that acceptable employer behavior right after your company agrees that employees handling large amounts of money can work alone in the vault with all that money.

          And yes, I expect I HAVE handled more cash money as a treasurer for an organization than any of the people you run credit checks on. At the time, I would probably would have failed your credit check.

          Anon, because of the large cash handling.

    2. dssf

      Re: Flat NO.

      Here is what FB can do to prove it is sincere:

      Prior to interviews, an applicant would pre-set the authorization code to one of two options:

      a = the name of the employer and the name of the interviewing officer, information which will be known in advance in most cases

      b = the abort code

      c= the continue logging in with pre-interview code, preserving the *a* code in case said interviewer attempts to log in even after hiring or declining the applicant

      Then, if asked, the applicant can choose to be serious or play games. If serious, the applicant can reply in the negative, but if pressed for it and if desperate for the job, the applicant can hand over the *a* code and wait for a facebook notification. Even if the applicant ultimately does not land the job, the applicant AND facebook can still determine WHICH COMPANY attempted to log in.

      To make things dicey, facebook needs a log in app that requires the eye shot of the person entering the code. That means an employer needs to surrender to the eye shot at the interview before getting the code. If THEY refuse, then you DO NOT want to work there. But, later, in case they try to log in anyway, they might have already surrendered an eye shot from their own phones for logins, in which case FB can link up fraudulent log in attempts directly to a person, so long as the fraudulent log on is not done with a 3rd party under duress to do an eye-supply and take the fall.

      Has anyone yet heard of a fingerprint reader-capable LCD? It would be interesting if phones had two-factor logins base on those: key in or swipe in AND press one's thumb on the LCD for a scan.

      Anyway, action *c* from above would hopefully help to deter disgruntled applicants from abusing the abuse-deserving fools who insist on having the applicant's password. Punishment and protection would have to work both ways, in case it really is being asked just to weed out stupid applicants, who probably do NOT deserve the job if handing over his or her password at an interview.

      1. Fred Flintstone Gold badge

        Re: Flat NO.

        Not that I'm a fan of Farcebook but I don't see why they would have to implement such a system to collaborate with something that is flat out unacceptable. By implementing this they would indicate some kind of acceptance of this practice, which in itself is quite a risk for them.

      2. Woodnag

        Re: Flat NO.

        Why would FB want to do this? The applicant is not a useful source of revenue to FB. The hiring company could be easily such, if FB adds features quite different to your suggestions.

  6. This post has been deleted by its author

    1. Anonymous Coward
      Anonymous Coward

      Re: They can have it...

      I've always wanted to visit Ulaanbaatar. If I finally make the trip, would you mind if I pop in for a pint of kumis?

      1. Turtle

        Re: They can have it...

        "I've always wanted to visit Ulaanbaatar. If I finally make the trip, would you mind if I pop in for a pint of kumis?"

        An El Reg reader is always welcome in his ger!

    2. Ilgaz

      Re: They can have it...

      So by idling and yet having account on facebook with friends saves you from that gigantic scheme? It doesn't.

      Especially in IT , giving a password to any third party, even if it is yours is a horrifying sign showing lack of responsibility and basic security practices.

      perhaps companies are baiting..

  7. Gene Cash Silver badge

    I still think this is a stupidity/trustworthiness test

    Anyone I interviewed who DID had over his password would quickly find his application in the round file as a security risk. Plus it would be interesting how they would phrase the "no, I don't think so" because that would show how well they deal with conflict.

    1. kain preacher Silver badge

      Re: I still think this is a stupidity/trustworthiness test

      You are absolutely right., They are looking people to dumb/to desperate to assert their rights. Bob we are going need you complete those reports by 9am Monday or you are fired.They tell you at 5pm Friday Oh by the way you worked 2 hours of over time this week. Would be cool if we just erase those 2 hours so I don't have to write you up. That would be swell Bob.

      1. Tom 35 Silver badge

        Re: I still think this is a stupidity/trustworthiness test

        The examples I've read about were all McJobs. They are just looking for people who will take a crappy job where they have you on camera because they don't trust you already.

        Not the type of jobs were you have the domain admin password, or the key to the front door.

    2. Neil Barnes Silver badge

      Re: I still think this is a stupidity/trustworthiness test

      "Are you asking me this to determine whether you can trust me with secrets, or to see how I handle telling the boss 'no!'?"

    3. mark11727

      Re: I still think this is a stupidity/trustworthiness test

      Reminds me of the old story about how Thomas Edison would go to lunch with a prospective employee, and then NOT hire them if they salted their meal BEFORE tasting it (something about not wanting to have people who pre-judge situations before getting all their facts, or whatever).

    4. mark11727

      Re: I still think this is a stupidity/trustworthiness test

      "I'm sorry, but the standing rule in any place I've ever worked was that login credentials were NEVER to be shared. I hope you'll understand if I continue that policy here."

    5. Ilgaz

      Basic answer

      You can say "the information you want from me isn't just risking privacy of me but risking other people such as my friends and family"

      I said it to idiotic Mac service asking for my administrator password on phone.

  8. Christoph Silver badge
    Flame

    They want me to betray my friends?

    If you hand over your passwords you are giving them access not only to your personal private information but to that of any of your friends who have given your account access to their postings.

    If they are deliberately selecting for employment the kind of people who would betray their friends like that then stay *well* away from them.

    1. LaeMing
      Trollface

      Re: They want me to betray my friends?

      "If they are deliberately selecting for employment the kind of people who would betray their friends like that then" ...

      you are being interviewed for a middle-management position.

      1. Anonymous Coward
        Anonymous Coward

        Re: They want me to betray my friends?

        I'd consider the 'middle' superfluous.

    2. Anonymous Coward
      Thumb Up

      Re: They want me to betray my friends?

      Interesting point raised there. The only apparently reasonable justification for this practice that anyone has come up with, here and in previous threads, is that it may be justified for security vetting.

      But the kind of person who "...would betray their friends ..." just for money is the last sort you should trust in a sensitive post.

  9. Dibbles
    WTF?

    But but but...

    On what grounds would Facebook take legal action against such an employer? Where? How? Just.... why?!

    1. kain preacher Silver badge
      Go

      Re: But but but...

      Interference of contract, interfering with business.

    2. Cameron Colley

      Re: But but but...

      I'd guess some kind of fraud or passing off. The company would be misrepresenting itself as that user to gain information. I imagine it is similar to if you gave away your work password and someone logged in as you.

    3. JohnG Silver badge

      Re: But but but...

      "On what grounds would Facebook take legal action against such an employer? "

      Unauthorised access of Facebook's computer systems. Like most organisations, FB allows access to their systems only under their own Terms & Conditions - which don't allow access to someone else's FB account: "You will not solicit login information or access an account belonging to someone else.".

    4. Ilgaz

      Check the back of your cc/atm

      Banks fixed it years ago. They own your credit card as an object granted to be used by you so you can't hand it over to another person. If it is stolen, it gives them grounds to be involved in case etc.

      Even basic promotion (profiling) cards have it. It depends on which country you are in though.

  10. Anonymous Coward
    Anonymous Coward

    This sounds interesting

    What if the employer happens to be Google? do they really want to go against a megacorp which is arguably bigger than them? thought not, this is just to frighten the smaller corps.

  11. The Unexpected Bill
    Flame

    Here's what I don't get...

    Why would anyone ever turn this information over to a potential employer? I think that would be a huge warning sign. After all, what might they ask about next? Political leanings, hobbies, religion, sexual orientation?

    Laws probably vary by jurisdiction, and even then I don't know that a potential or existing employer could force anyone to do this, other than through the order of a court of law.

    There was a story on National Public Radio about a man who was told to divulge his Facebook credentials when he re-applied for a job, so I guess it's spreading.

    Obnoxious opinions: A) I'd never bank on Facebook choosing to do the "right thing". B) I'm still so very glad I don't have a Facebook account. (And yes, I know that this could well be extended to other forms of social networks beyond Facebook.)

  12. Joe Drunk

    Doesn't change much

    As prospective employers can still compel you to friend them. I am one of the few remaining humans on this planet who doesn't use Facebook, Twitter, etc. due to an active social life and lack of craving for constant attention. It's a shame that companies are taking advantage of desperate job seekers and I believe it will only get worse.

    The only advice I can offer is the same offered by Dominic Connor who recently wrote an article here which pretty much sums up the last 12 years of my life in IT.

    http://www.theregister.co.uk/2012/03/21/how_to_get_paid_more/

    After taking a 15% pay cut I moved to a new position with 25% increase, 40 hour work week and somehow was exempt from pre-employment credit check and drug screening. Perception is all that matters in corporate not education, experience or certifications.

  13. Anonymous Coward
    FAIL

    My responses:

    "We want your Facebook profile and password"

    Response 0:

    "You first"

    Response 1:

    "I want your bank account ID and password".

    Response 2:

    "I want a unicorn pony. The difference is, with genetic engineering, I might one day get what I want."

    Response 3:

    "Either this is a test of how well I manage security, or a gross invasion of my privacy. If the former, I am not sure I want to work for you. If the latter, I definitely don't want to work for you. I am sorry you have wasted my time - this interview is over."

    Response 4:

    (I shan't write it, but it is one of the shortest English language sentences, consisting of seven letters, a space, and a period, a vulgar imperative verb and a second person pronoun.)

    1. Sir Runcible Spoon Silver badge

      Sir

      Response 5:

      "Fuck off."

      :P

    2. gotes

      Re: My responses:

      Yes, it's an intelligence test: either by the employer or for the employer. If they are for real then you really don't want to be working for them.

  14. Kevin Johnston Silver badge

    Passwords

    You could always ask to see a copy of their company policy is on computer accounts and passwords. Bit hard for them to expect you to hand over personal account info if employees are required to keep everything secret.

    Used to have a FB account as my wife/kids needed extra friends for some game or other but it wasn't my real name and I can't get back into it as I don't remember the DOB I used. Ah well, not that much of a loss I suppose.

    1. Woodnag

      Re: Passwords

      Yes! And if their followup response is that they expect (or for the purpose of the interview, presume we expect) employees to provide this info on request, the interviewee's response should be to re-iterate the request for the policy, since if that's the case the company is probably not an attractive employer.

  15. Will Godfrey Silver badge

    I would get up and walk out, without saying a word.

  16. David 45

    Dirty linen

    I am also one of the few human beings on this earth who regard these so-called "social networks" as an infernal nuisance and a danger to privacy in general. I wouldn't touch any of them with the proverbial ten foot barge-pole. What enjoyment anyone gets from baring their soul and airing their dirty linen in a very public way is totally beyond me. If I had my way, the likes of Facebook would be legislated out of existence. People (and we are probably talking about a certain type with limited intelligence here) do not seem to fully comprehend the repercussions in later life resulting from perhaps publishing pictures of a drunken binge, for instance. I try and remain as anonymous as possible - even when adding comments!

    1. N2 Silver badge

      Re: Dirty linen

      Sir,

      How very aptly put, the less the Internet knows about me the better, I reserve the right to offer the minimal information, lie about my age and anything else when submitting information that said service has no right to request & may also spew to a bucket load of (not very) carefully selected companies.

      & the sooner the rest of humanity does likewise, the better.

      1. Thing

        Re: Dirty linen

        You don't have to post pictures of drunken binges. I usually only post random stuff which I come across which I think my friends might also like to see e.g 'Celebrities Who Look Like Mattresses'.

        Not much help to any potential employers I'm afraid.

    2. Lord Lien
      Alert

      Re: Dirty linen

      Troll post or humour thats gone wrong.

      "I try and remain as anonymous as possible - even when adding comments!" O'rly David 45 :p

      1. SYNTAX__ERROR
        FAIL

        Re: Dirty linen

        So go ahead and track him down using that information. I am sure there are only 45 Davids in the world and somewhere is a database linking their assigned ordinal to their address, bank details, family tree and national insurance number.

  17. dssf

    WHOOOAAAAA!!! WHOOOAAAAA!!! WHOOOAAAAA!!!

    WHOOOAAAAA!!!

    FUQIN AYE!!!! GO FACEBOOK. Hair on my neck stood up just now. This is the FIRST time I have ever frackin' fisted the air and hi-5'd facebook!

    I hope FB's CTO actually DoEs shut down those snooping employers, and I hope each shut down comes with a "good-bye YIPPIE KAYAE, MOTHAFQQA!"

    1. Anonymous Coward
      Anonymous Coward

      Can you kindly let me know what you're drinking/smoking/eating or otherwise polluting your brain with so that I can make sure I avoid it? Thanks.

  18. Steve Knox Silver badge
    Holmes

    Really and For True?

    "And anyone in breach of the Facebook regulations can have their account deleted."

    Since Facebook previously wouldn't even delete your account if you're dead, this is a massive turn-up for people who have regretted signing up with them...

    Or by "deleted' did you mean "locked and archived so Facebook can still retain all of your personal information and continue selling it to whomever they wish, but you now have no rights to update or alter it", which is their standard practice?

  19. Bracken Dawson
    Thumb Down

    Two ways to dissuede intelligent applicants...

    1. Attempting to gain access to social media content that you otherwise cannot.

    2. Requiring pain in the arse assessments, like a 15 minute automated skype video interview which gives you 5 minutes to answer each question to camera. I wouldn't have done that even if I did have a fast enough broadband connection back then.

  20. LinkOfHyrule
    FAIL

    The effing cheek!

    I would not work for anybody who wanted to log into my private accounts - absolutely no chance even if I was starving. The effing cheek!

    If I am ever asked this in an interview I will laugh in their face. "You seriously think I am stupid enough to tell you my private log in details? Well in that case we have clearly established that I am over qualified for this position, I bid you good-day."

  21. Anonymous Coward
    Anonymous Coward

    If you tolerate this then your children will be next

    What next, a clause in your employment contract saying your boss can name your children and pleasure your wife every other Tuesday, and you have to stand there and act as a fluffer before washing the sheets afterwards?

    It's the dumb suckers who agree to this I feel sorry for. All you need are a few weak people to agree to a couple of overly pushy employers and then a precedent is set which employers regard as 'standard practice' for all subsequent employees.

    You may work for them because you need the money, but they need staff. You're both getting something out of it, You're not surfs, owned by them, so stop acting that way. Employers need to be pushed into supplying face masks, clean air, working toilets and just about anything else because they're like that. This is no different, and they need to be made to stop.

    1. Fred Flintstone Gold badge

      Sorry to be the first to tell you this, but your children have already been served to the Great God of Tracking. There is no minimum age in any Data Protection policy.

  22. Stan Wright

    Facebook has a totally unrealistic opinion of its own importance. Its hilariously pompously named "Statement of Rights and Responsibilities" binds no one to anything, least of all a third-party business or employer.

  23. Anonymous Coward
    Anonymous Coward

    Think about the company and the job before you respond....

    Guys,

    Think about this carefully if you are asked for your Facebook / other social media site credentials in an interview. Who knows, you might really want / need the job. On the other hand, you may not really care if you get the job or not but surely its better to be professional throughout the process and never lose your cool. I think its important to consider your actions and at all times remain polite. I would think this scenario can play out in a couple of ways:

    1. They genuinely need to find out who you are: If its for work in a company / gov. dept that requires security clearance (SC / DV / MV etc) up to secret, top secret whatever, then chances are you are going to be vetted anyway and that can involve interviewing your family members, even friends. They will also dig very deeply into your background and financial records. They might genuinely ask for your Facebook credentials and look into your background as a requirement for security clearance. I think the best way to deal with this situation is to request the official SC / DV / MV forms before revealing your Facebook credentials. There will be (and is) a set process for this type of 'vetting'.

    2. They are testing your security stance: If I was asked in an interview for these details then I would probably politely reply with a question asking for the reason they require my login details and then remind the interviewer that its bad security practice to ask for login details and even worse for me to reveal the details. Do this BEFORE you deny access or walk out. You might be surprised to learn that politely questioning their motives is the exact kind of attitude they are looking for in an employee. It all might be a test and the key here is to remain professional. Don't be an idiot and don't reply with something sarcastic.

    3. They are wanting to examine your Facebook profile and there is no requirement for security clearance: These types of companies are the ones to watch. Think about the company for a moment before you answer. Your probably going to be pigeon holed in a role and be micro managed 100% of the time. You might find yourself in a company which views the barrier between home and work life as a very grey line. But if you are going for an interview with a company I would have expected you to do your homework before going. Find out who they are, what they might ask in an interview, ask around friends and colleagues. If you suspect you are in an interview with a type 3 company, ask the same question as point 2 above. See how they respond. You can always deny you have a Facebook account or better still disable it before your interview because you will have done your homework and know what kind of a company you might be dealing with. Don't be rude, you never know when you might be revisiting this company in the future when you NEED a job. Personally I would not reveal my credentials but I might offer to 'friend' one of their HR reps if they want to view my profile and I really needed the work.

    I think the most important thing is to never be rude. Keep your cool, stay polite and genuinely ask the question about why they want your credentials before assuming its for something like snooping or covert monitoring. After all, you don't want to make a name for yourself in the HR / recruitment circles as being rude, arrogant and unprofessional. Not in this job market anyway.

    And, I'm not a Google Plus user but I suspect the logon details for Google Plus might even allow access into your GMail account, online photos and all other aspects of the Google Suite of apps? Or are the credentials separate for each part of Google? I think I will stay away from Google Plus.

    Regards.

    1. Anonymous Coward
      Anonymous Coward

      Re: Think about the company and the job before you respond....

      All good advice - be prepared and be polite. On the subject of preparation, a copy of FB's new privacy page would be worth having to hand should you want to object to a request.

      I do have a bit of difficulty with point 1, though. I can understand that high security clearance might require that they know a lot more about a candidate, but in acquiescing to such a demand the candidate reveals a careless attitude to the privacy and confidences of others - hardly an encouraging sign. If I were presented with such a request then I would decline, regardless of the consequences.

      1. Anonymous Coward
        Anonymous Coward

        Re: Think about the company and the job before you respond....

        I've actually held security clearance (thankfully expired now) and I know that they do not check Facebook or any other social media system as a part of the clearance process. It's simply not reliable - you are basically telling the world what you want it to hear, which is probably a long way from the actual truth. Plus the security services have much more effective ways to dig into your background.

    2. Iain Thomas

      Re: Think about the company and the job before you respond....

      Hi.

      Yup, not only Gmail, but also Checkout/Wallet. Get a G+ password, and y'cn start ordering stuff.

      -- Iain.

    3. Anonymous Coward
      Anonymous Coward

      Re: Think about the company and the job before you respond....

      I have a friend who worked for GCHQ. He sacrificed his entire life for that, wouldn't even have an internet connection at home. Fuck that. It had better be bloody good work.

    4. /dev/me

      Re: Think about the company and the job before you respond....

      Scenario #1 is I think the only valid case for employers to ask for FB details.

      The times that I saw a SysAdmin job opening on such an institute, it made it absolutely clear that the candidate should have no misconceptions that a very extensive security screening is part of the selection process. They don't surprise you with these kinds of questions in an interview. The security screening is formalized as part of the procedure.

      Alas, as thoughts about high levels of security kept triggering my fetish for KGB agents of the long blond hair, big boobs and leather pants variety ("Ve vill be talked about zekret in hotel room")... I never really came round to applying.

    5. Anonymous Coward
      Anonymous Coward

      Re: Think about the company and the job before you respond....

      It's also worth pointing out that on both Facebook and Google+ you can create lists or circles with extremely limited profiles (so that they see no more than the public) and dump any HR 'friends' in there, although I would probably just walk (politely).

      Any employer who asks to invade my privacy as a pre-requestite of employment is not the employer for me.

  24. Anonymous Coward
    Anonymous Coward

    user:pass

    1. Is the facebook account an advertising point for something like a band?

    1a. Does the person asking have any experience with security or computers or programming or webmaster and actually have a NEED like say the bands label or some other promoter posting ads for concerts? (there may actually be a NEED here)

    2. Would you give someone root on an unmanaged box without knowing anything about them?

    3. Would you give them root on a managed box without knowing anything about them?

    I think the bottom line here is we have a bunch of people on the web who don't know jack about security, police state laws, or tcpip. So they give their shit away like the dumb muppets they are.

  25. Anonymous Coward
    Anonymous Coward

    Or you could try...

    "I devote so much time to my work that I don't have time for Facebook."

    ;-)

    1. Anonymous Coward
      Anonymous Coward

      Re: Or you could try...

      or, "Steve Jobs was my hero, you may want to make it fast because my car without out license plate is parked in your one handicapped spot and OSHA is on the way over and they're bringing La Migra with them. BTW, my FB page is in a little known Arabic dialect used only in the tribal areas of Pakistan. For some reason it loads very slowly and asks if you are selling lemon cake .... no ... yellow cake, yes, that's it. Won't be a problem, will it ?"

  26. Anonymous Coward
    Anonymous Coward

    fake accounts

    Cant say that anyone has ever asked me for a password to anything but if push came to shove and i had no choice, then why not just set up a fake account, you can quite easily auto post status updates on a schedule - "i love my job", "my employers are lovely", "My employers treat me right", "My employers love me and they only asked for my password so that they can take better care of me"

    that sort of thing.

    Then hand over the password to that one.

    Still, No company has any business asking for this information, Is it an american thing?

    With the recent Uk government suggestion that they want access to our facebook accounts i kind of just stopped using it anyway, in this day and age you cant trust these people not to abuse it and to keep it secure.

  27. SPiT
    Alert

    All this seems kind of illegal to me

    Under English law the potential employer would have two rather serious issues assuming the Facebook terms and conditions forbid you to share your password and access to the account (I haven't even bothered checking as this is bound to be true)

    First

    By asking you to hand over your password in breach of your contract with Facebook the interviewing company has broken UK employment law. I'm not sure what the consequences are but you could take them to a tribunal if it is the reason you didn't get the job.

    Secondly

    Since Facebook have not given you the right to authorise their accessing your account than if they access it (or even just try to access it) they are in breach of the computer misuse act which is a criminal offence. If they ever tried to use information in a legal way that had been acquired by accessing your account it would have to be presented by a witness who explicitly claimed to have commited the offence (not a good move).

    Bottom line is Facebook are correct, under English law this actually does amount to hacking.

    1. SPiT

      Re: All this seems kind of illegal to me

      I was forgetting

      Its probably a breach of the human rights act as well. Strikes me this represents a clear breach of privacy and there is no way it qualifies for any of the exemptions.

      I would not want to be an officer of any company following this practice in the UK

      1. Jimbo 6
        Devil

        Re: All this seems kind of illegal to me

        IANAL, but I think previous posters saying that they would take the line “I presume this is some sort of test” are missing a trick.

        Given that accessing the account would be a breach of the Communications Act (in the UK), surely the very act of asking for your login credentials is a criminal act in itself ? Not sure whether it could count as blackmail (if you don’t do X, then we won’t give you a job), or bribery (we *will* give you a job if you do X), but it’s certainly ‘social engineering’, to get unauthorised access to a system.

        I don’t see how it is therefore any different from the interviewer saying “one last thing…suck my cock”. He has committed a criminal act, and this isn’t negated by him backtracking and saying “oh that was just a test to see how you’d react, hahaha”.

        Interested in people’s opinions on that… but if I’m correct then the appropriate response would be to advise them that they have just committed an offence, and you *are* going to report it to the authorities – and then walk out.

        Personally I’d also contact media such as El Reg and the Grauniad, and as you didn’t get the job, there should be no problem naming company names, either…

        (Thinks : I’m not actually looking for a job at the moment, but I might just start applying for a few, just for the laughs mwahaha…)

        1. Loyal Commenter Silver badge

          Re: All this seems kind of illegal to me

          My response would probably be to ask for a signed, preferably witnessed written statement that they required me to hand over this information for the job, and then take that to a lawyer for an assessment of my options.

  28. Timmo
    Black Helicopters

    Previous employers

    I don't think anyone has mentioned this but what about previous employers. If a potential employer had access to your account and you had "friended" any work colleagues, even if you were very careful about the data you posted, it would be an easy way for them to head-hunt or solicit potentially valuable possibly industry sensitive information from them. A quick message to an ex or current co-worker "What do you think about this project ? I think it's heading in the wrong direction. " sort of thing (many people thinking of leaving an employer would be reluctant to tell their current bosses they were thinking of it until they had something secured).

    This is only a short hop from. He's a Military Officer, his son is looking for work. Invite him in. Get his log in details. Tell him he didn't get the job but we now know where and when his fathers next posting is. I know this all seems a bit black op's but isn't social engineering all about getting into peoples comfort zones to do nefarious things?

    BTW. Just because I mention friending co-workers doesn't mean I would do it but some peoples lives ARE work and do, whatever we may think of it.

  29. AbortRetryFail

    If employment is conditional...

    Notwithstanding the excellent advise to stay polite and professional, there is a possible legal issues of Economic Duress, Coercion of Will and possibly the Unfair Contract Terms Act 1977.

    I'm not sure which, if any, apply at interview stage as they are all contract law, but you could argue that an interview is the first steps to forming a contract of Employment.

    1. Anonymous Coward
      Anonymous Coward

      Re: If employment is conditional...

      There is no contract until such a time as they offer you a job and you accept. If the contract includes a clause that forces you to hand your Facebook login details over then you are bound by the terms of the contract (of course if they use those details then they are guilty under the Computer Misuse Act - pointed out by a previous poster). If they ask for the details without this being a requirement, and subsequently sack you for refusing, then an employment tribunal would probably find against them.

  30. P. Lee Silver badge
    Big Brother

    They don't need to ask

    Just use an SSL proxy with a "trusted" cert rolled out to the browser on your PC.

    They can then snoop all the traffic under their computer usage T's&C's.

    1. Dan 55 Silver badge
      Boffin

      Portable Firefox

      Fixes the naughty cert installed on the browser problem.

      Firefox is the one which uses its own cert management instead of the OS's, unlike the rest.

      1. SYNTAX__ERROR
        Boffin

        Re: Portable Firefox

        Certs irrelevant.

        If your only access to net is through a proxy, the proxy will be able to snoop on all of your traffic. Even if it is over SSL.

        If a transparent proxy is in use, one might not be aware of it or be able to determine so.

        1. Dan 55 Silver badge

          Re: Portable Firefox

          You do however get a certificate warning error if you have OCSP.

  31. Anonymous Coward
    Anonymous Coward

    Face Plant not likely to sue

    Don't believe the empty promises spewed by the clueless. Face Plant is not likely to sue as they would lose. An employer can ask any question that is not a violation of law. You can refuse to provide your password and they can refuse to hire you or they can fire you if you are a current employee.

  32. Anonymous Coward
    Anonymous Coward

    What the Acts actually say...

    I'm not a lawyer, but I can read.

    The "Computer Misuse Act 1990" says :

    (1) A person is guilty of an offence if—

    (a) he causes a computer to perform any function with intent to secure access toany program or data held in any computer [F1, or to enable any such accessto be secured] ;

    (b) the access he intends to secure [F2, or to enable to be secured,] is unauthorised;and

    (c) he knows at the time when he causes the computer to perform the functionthat that is the case.

    Regardless of whether you believe in Facebook's good intentions, any company which accesses a user account itself will fall foul of the act. It is clearly an offence for them to do so.

    The "Serious Crimes Act" says :

    45 Encouraging or assisting an offence believing it will be committed

    A person commits an offence if—

    (a) he does an act capable of encouraging or assisting the commission of anoffence; and

    (b) he believes—

    (i) that the offence will be committed; and

    (ii) that his act will encourage or assist its commission.

    So if a company asks for the account details, gets them and uses them, it will have commited an offence under the CMA.

    Given that the company's use of the credentials is a specific aim of the transaction both parties will have committed an offence under the SCA, even at the interview stage.

    A company may get away with 'just asking' at the interview, but any company which fired an employee for not complying with a demand to commit a crime must surely be liable for unfair dismissal at least.

  33. Jason Hindle Bronze badge

    Entirely consistent with Facebook's best interests

    For Facebook to remain successful and not go the way of MySpace, its users need to feel safe having a Facebook account and, in the case of securely locked down Facebook accounts, able to speak frankly amongst friends.

    1. SYNTAX__ERROR
      Trollface

      Re: "securely locked down Facebook accounts"

      Hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha.

  34. Cheshire Cat
    Meh

    Is this just a rumour?

    Has anyone (here) actually been asked for a password at an interview, personally, themselves? Not a friend-of-a-friend, or a story you heard, or something you read on the internet. Anyone have actual first-hand knowledge? Otherwise, I'll assume it is just another one of those pesky internet rumour nonsenses. Surely very, very few interviewers would be foolish as to ask for login details and expect there not to be trouble.

  35. Long John Brass Silver badge
    Black Helicopters

    Easy fix .... LinkedIn

    If an emplyer or agent want contact through a SocialMedia type website

    I usually tell em to contact me via LinkedIn

    LinkedIn for work

    Facebook for friends & family

    Usually give em my e-mail addy too

    But never ever give em your passwords, thats just retarded :)

  36. Anonymous Coward
    Anonymous Coward

    Good bye to your job

    If you're dumb enough to be on Facebook then you're dumb enough to be unemployed.

  37. Anonymous Coward
    Anonymous Coward

    Farcebook...

    As usual talking thru their arse.

  38. Anonymous Coward
    Mushroom

    No Problem.

    Tell them to look up the European Human rights act:

    the right not to be punished for something that wasn't a crime when you did it

    the right to respect for private and family life

    freedom of expression

    the right not to be discriminated against in respect of these rights and freedoms

    Company vs European Court.

    Good luck.

  39. foo_bar_baz

    Shut down application != account deleted

    "And anyone in breach of the Facebook regulations can have their account deleted.

    We’ll take action to protect the privacy and security of our users, whether by engaging policymakers or, where appropriate, by initiating legal action, including by shutting down applications that abuse their privileges"

    Application = FB application, not user account

  40. Anonymous Coward
    Anonymous Coward

    2 other possible options

    On the spectrum between refusal and acquiescence:

    Tell them you won't hand over login details but you will login in for them and supervise them while they access your social media accounts

    Tell them to email you when they are ready to login, mail them the password

    Ask them to first sign an indemnity against any loss or damges arising from misuse of your login details

    (it might be highly amusing watching them realise for the first time that their policy could land them in huge amounts of crap)

  41. Anonymous Coward
    Anonymous Coward

    Facebook

    What's a facebook?

  42. Richard Gadsden
    Happy

    I don't know my facebook password

    It's an auto-generated password stored in an encrypted file on my laptop, and then "remembered" by the facebook app on my phone. I typed it precisely once - into the fb app on my phone when I logged in the first time. Other than that, I just copy/paste when I want to log in.

    Since I wouldn't have my laptop (or the backups) with me in the interview, I couldn't give them the password. I take my security relatively seriously, and I would expect any job I apply for to take the same attitude

  43. Anonymous Coward
    Anonymous Coward

    Boo Hoo

    If you want employment then you'll comply as it is not a violation of any laws.

    1. Anonymous Coward
      Anonymous Coward

      Re: Boo Hoo

      I can think of four laws it is possibly in violation of in the UK just off the top of my head:

      Data Protection Act

      Computer Misuse Act

      Unfair Contract Terms

      European Convention on Human Rights

      1. Anonymous Coward
        Anonymous Coward

        Re: Boo Hoo

        As well as Employment/Discrimination Legislation - specifically you cannot discriminate against a person applying for a job (or anything really) based on religion, sexual orientation etc. so you can't ask for it as part of a job application or interview. Accessing somebody's farcebook account could/would reveal some information that cannot be used in reviewing your job application. If you didn't get the job you could easily claim that it was because they found out you were gay/christian/islamic/bisexual from FB and sue them for discrimination - something the company should be trying to avoid at all costs, as even the allegation of racism/sexism/homophobia can be damaging to an organisation.

        So that only makes 5 laws so far then....

  44. Anonymous Coward
    Anonymous Coward

    Multiple interviews...

    If asked to give the information (apart from trying not to burst out laughing) just give them a fake username or (if you actually have a real username) a fake password.

    If it was a test, and they say "Aha, we were testing you". You can say "I know - nobody is stupid enough to ask what you did, as it is illegal in so many ways, and only an idiot would answer it truthfully - hence I assumed it was a test and gave you false information".

    If it was not a test (personally I would leave at this point) and they tried the password and it didn't work, just say."Ah, the person who interviewed me earlier this morning must have changed my password. That's what happens when you give passwords out I guess."

  45. Kerebus

    A slightly different approach

    I'd be very reluctant to hand over login detials but If I really wanted/needed the job (principles are great as long as you can still pay the bills) and suspected that they might ask to see my FB profile, I'd simply add a status update along the lines of "Got an interview for a briliiant job with a great company later, wish me luck", then after a couple of days just change my password.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019