Skip to content
by
  • Products
  • Free Tools
  • Search
  • Free Sophos Home
XG Firewall
Next-Gen Firewall
Intercept X
Next-Gen Endpoint
  • Sophos Cloud Optix
  • Sophos Central
  • Sophos Mobile
  • Intercept X for Server
  • Secure Wi-Fi
  • Phish Threat
  • SafeGuard Encryption
  • Secure Email
  • SG UTM
  • Secure Web Gateway
For Home Users

Sophos Home protects every Mac and PC in your home

Learn More
Free Security Tools
Free Trials
Product Demos
Have you listened to our podcast? Listen now

Hand over your Facebook username and password if you want a job

21 Mar 2012 78 Facebook, Law & order, Privacy, Social networks
Job interview - cartoon by Carole

Post navigation

Previous: Gmail explains why it put *that* email in your spam folder
Next: New Dr Who girl Jenna-Louise Coleman’s name exploited by Twitter sex video scammers
by Carole Theriault

Job interview - cartoon by CarolePicture it: you are at a job interview, and the interviewer requests that you log into your Facebook account so they can shoulder surf as you lay bare your profile in its entirety.

Worse, what if they ask you to hand over your Facebook username and password?

You might laugh and say I would never do that, but what if you really, really need a job? Many of us are desperate for work at the moment, so it is no surprise that some feel they must comply to avoid being stricken from the candidates’ list.

In the US, this tactic has been used with people applying for police officer or 911 dispatcher roles, according to an AP article. But the report says that it is happening elsewhere too.

The reason that an increasing number of employers want full access to a Facebook account is perhaps due to more of us hiding information from people we aren’t connected with.

Rob MacLeod was shortlisted for a police job in Baltimore when he was asked for his Facebook password. The Spec reports that:

The question startled MacLeod, now a bylaw enforcement officer in Peel Region. He had a personal policy of not sharing his password, no matter the circumstances. So when the request came, MacLeod offered to log in to his Facebook account and then leave the room so the interviewer could browse his page.

But he says the interviewer remained firm — he wanted the password. After a few minutes, MacLeod gave it to him.

MacLeod says he “felt like I was being pressured into doing it. It felt like if I didn’t do it, he would call the recruiter and say, ‘This guy’s not interested in the job'”, he told The Spec.

It is not surprising that this interview technique is riling a number of individuals and groups, including American Civil Liberties Union (ACLU) attorney Catherine Crump, who states:

It’s an invasion of privacy for private employers to insist on looking at people’s private Facebook pages as a condition of employment or consideration in an application process. People are entitled to their private lives. You’d be appalled if your employer insisted on opening up your postal mail to see if there was anything of interest inside. It’s equally out of bounds for an employer to go on a fishing expedition through a person’s private social media account.

And Orin Kerr, Professor of Law at George Washington University, told AP “It’s akin to requiring someone’s house keys… [It’s] an egregious privacy violation.”

One can understand that companies want to do everything they can to ensure that candidates will be a good fit and won’t jeopardize the company, but asking for the keys to their personal Facebook account seems many, many steps too far.

So, if you are out looking for a job, here are some tips to consider:

  1. Sanitise your account before you start applying for any jobs. Look for compromising messages, pictures, messages on walls, and remove or hide anything that you wouldn’t want a prospective employer to see
  2. You can quote Facebook’s legal terms, which clearly state that

    You will not share your password, let anyone else access your account, or do anything else that might jeopardize the security of your account.

    Explain that you are a law-abiding citizen, and you can in no way break this binding contract with Facebook.

  3. Hacker Factor author Neal Krawetz provides some advice, including exposing the company by anonymously posting online that they made this request during the interview. He also suggests that you consider suing them if you do not get the job.
  4. Tell them you don’t use Facebook. Review your settings on your How You Connect page under Facebook’s ‘Privacy settings’, you can tweak these, as shown below.

    This means that an employer won’t find you during a search. Even friends of friends won’t see you listed. The problem here of course is that you are lying, but my view is that human rights to privacy are a little more important than a white lie.

  5. Facebook setting

What do you think?

Related article: Read what happened Next…

Check out our Facebook page, where over 170,000 people regularly share information on threats and discuss the latest security news.

  • Follow @NakedSecurity on Twitter for the latest computer security news.

  • Follow @NakedSecurity on Instagram for exclusive pics, gifs, vids and LOLs!

Free tools

Sophos Firewall Home Edition

Boost your home network security.

Sophos Scan & Clean

Free second-opinion scanner for PCs.

Sophos Cloud Optix

Monitor 25 cloud assets for free.

Post navigation

Previous: Gmail explains why it put *that* email in your spam folder
Next: New Dr Who girl Jenna-Louise Coleman’s name exploited by Twitter sex video scammers

78 comments on “Hand over your Facebook username and password if you want a job”

  1. Joel says:
    March 21, 2012 at 2:32 pm

    Another alternative is to flush facebook entirely. If you need a job to survive, you can certainly afford to ditch facebook. The world was fine before facebook 🙂

    Reply
    • GMR says:
      March 21, 2012 at 2:50 pm

      Or change your password the minute you get home from the interview.

      Reply
    • Daniel says:
      March 21, 2012 at 5:14 pm

      Or change your facebook name.

      Reply
    • music2myear says:
      March 22, 2012 at 1:17 pm

      Scorched earth. It works everytime. Except for the cockroaches, they survive.

      Reply
    • HOLALONG says:
      March 22, 2012 at 1:24 pm

      I AGREE. I DUMPED MY FACEBOOK ACCOUNT, 2 YEARS AGO. SECOND BEST THING, I EVER DID. YOU ASK WHAT THE FIRST BEST THING I EVER DID ? I DON'T REMEMBER !!!

      Reply
      • Anon says:
        August 15, 2013 at 5:14 pm

        That’s because you don’t have Facebook to remind you 😉

        Reply
    • Geir Laastad says:
      March 22, 2012 at 3:35 pm

      I have done just that. I deleted my facebook account after reading about that here on Sophos pages. I just decided I didn't want to be a facebook sheep anylonger. But before that article on Sophos, I was already sick and tired about facebook's way of making privacy difficult for everyone. They have hidden the "Delete account" button so good, it's almost impossible to find, -plus many of their other privacy settings which facebook are forced to have, but do not like you use, is also more or less hidden. The Sophos article helped me decide what I should have done long time ago:

      **Delete Account***

      I will never return to facebook…

      Reply
  2. Anonymous says:
    March 21, 2012 at 2:36 pm

    Not only "Should be" but I think there's a strong case to be made that it _is_ to ask for this information as it may compel a candidate to hand over information about their sexuality or religious beliefs – information that an employer is strictly prohibited from asking about during interview under anti discrimination laws.

    Reply
  3. NoSpin1600 says:
    March 21, 2012 at 2:41 pm

    I don't have anything on my Facebook page or in my profile that would prohibit me form getting any job but I do feel this is an invasion of privacy. I think corporations are taking advantage of the current economic situation and high unemployment rates to snoop on prospective employees. If they ask for my Facebook password I should be able to ask that they provide the username and password for the person who will be my supervisor so I can ensure I am going to work for a quality person.

    Reply
  4. S Burns says:
    March 21, 2012 at 2:41 pm

    I don't need to work for that sort of jerk to survive, thanks very much.

    Reply
  5. Tom says:
    March 21, 2012 at 2:42 pm

    In Finland we have this called common sense. And, oh, also, LAW. Here it is illegal for employee to search ANY information about you from the web prior to job interview (or after that). Proving they did could be tricky but still.

    You americanos are hilarious.

    Reply
    • ANONyMOUS says:
      March 22, 2012 at 12:37 am

      I understand in Finland that the employers there might be able to check your information and it is the Law, but don't you want your privacy, even if you are not hiding something

      Reply
      • Miles says:
        March 22, 2012 at 10:30 pm

        What? He said it's *illegal* for them to search for information on you.

        Reply
  6. Nick says:
    March 21, 2012 at 2:45 pm

    I don't believe it should be illegal to request it, just like it isn't illegal to ask for someone's car keys, however it should be illegal to not consider a candidate for a job based on their refusal to accept the request.

    Reply
    • Phil says:
      March 21, 2012 at 2:56 pm

      Absolutely agree.

      As another alternative, create a second facebook account with the same name and different email address, and use that to create a picture of the person you want them to think you are.

      Reply
  7. @etee says:
    March 21, 2012 at 2:47 pm

    Sure I'll give a prospective employer my Facebook ID and password – right after they give me the id and password for their CEO's email account! Fair is fair

    Reply
  8. MrsSpooky says:
    March 21, 2012 at 2:48 pm

    Deactivate the account before the interview so you can truthfully say you don't have Facebook. You can always reactivate it once you get the job.

    I know if something happens to my job and I have to start interviewing again, knowing this, I just might start deactivating the account before interviewing if they're going to be starting this BS.

    Reply
  9. Jakob says:
    March 21, 2012 at 2:49 pm

    You could also gain some time to clean up your profile by telling that you don't remember the password and have to look it up in your password manager on your home computer.

    Reply
  10. Rhonda says:
    March 21, 2012 at 2:50 pm

    Tell them to put this request in writing.

    Reply
    • CallToFreedom says:
      March 21, 2012 at 4:49 pm

      yes, the perfect line to use — so simple, yet so powerful.

      Reply
    • Greenaum says:
      March 21, 2012 at 11:18 pm

      GOOD answer!

      Reply
      • Neosimian Sapiens says:
        December 10, 2012 at 11:36 am

        Dear Mr. Smith,

        As you requested, we are putting into writing what we discussed at our interview with you. Accordingly, we record that we do not have an opening for you at this time.

        Sincerely,
        Consolidated Douchebags Inc.

        Reply
  11. Ben says:
    March 21, 2012 at 2:52 pm

    Just create a second Facebook profile for prospective employers.

    If I was asked at an interview to give up any password, I would think it was a test to check I understood information security- if a candidate for a Police job gives away a password to someone interviewing them, then they would probably be the type of person to give away a password when the “IT Dept” call.

    Reply
  12. anonemployer says:
    March 21, 2012 at 2:52 pm

    It is a bad choice for employers to request this information. If they learn from a candidate's FB page that the candidate has a protected characteristic (disability, religion, etc.) that they are legally prohibited from asking about in an interview, and then do not offer the candidate the position, they are setting themselves up for a lawsuit.

    Reply
    • Greenaum says:
      March 21, 2012 at 11:21 pm

      Hope so. Hope one happens soon. This is the sort of thing some halfwit reptile in HR (or "Personnel", to give it a sensible name) thinks up, then every other idiot in the same role hears about and starts doing.

      It's distressing to me, that so many of the smartest people have their employment managed by some of the stupidest.

      I can see a doubling of Facebook's user base coming up. Everybody's account, and everybody's fake work account. Would be a nice way of misleading the company, if they're stupid enough to believe what they read on Facebook.

      Reply
    • Beth j says:
      March 22, 2012 at 5:55 pm

      They are setting themselves up for a lawsuit IF it can be proved that employer discriminated on the basis of that, and also IF the person seeking the job could afford to sue. Few have those resources, and employers know this.

      Reply
  13. David says:
    March 21, 2012 at 2:57 pm

    You can also tell the person interviewing you that not only would you be in breach of contract if you gave them your login details, but they too would be breaking facebook's terms and conditions if they used that information…

    From Facebooks T&C:

    "You will not solicit login information or access an account belonging to someone else."

    Reply
  14. ankherplonk says:
    March 21, 2012 at 3:00 pm

    I'd terminate the interview immediately, mentioning privacy laws and common decency. My privacy is more important than their money.

    Reply
  15. Davidinmd says:
    March 21, 2012 at 3:06 pm

    If they can't see my profile through a public search, they have as much right to view it as they have the right to go through my mail, listen to my personal calls and voice mail. Which is to say none. Further, my age, race, religion, sexual orientation and other information that may be in my Facebook profile are not items that an interviewer is legally allowed to ask for in most situations. As a result, asking for access to Facebook should be prohibited on those grounds as well.

    Reply
  16. Myles says:
    March 21, 2012 at 3:10 pm

    I would simpy refuse if they asked for me to provide it, advising that I am not going to be pressured into breaking not only the T&C's of Facebook, I will not be breeching my freinds privacy & trust, and that my Ethics are stronger than that.

    Fortunatly I've not been asked for this kind of information in the UK yet.

    I would be tempted to lodge a concern with the company they are acting against the Computer Misuse Act, though I'm not sure if there is a US Equivalent?

    Reply
  17. Muddog says:
    March 21, 2012 at 3:14 pm

    Oh well guess i wouldn't get the job. I don't have a profile on facebook only a name and a few photos,But i'll be damned if i would let them or any one elce that i don't know have my password.

    Reply
  18. Suzanne says:
    March 21, 2012 at 3:14 pm

    I strongly recommend AGAINST lying in an interview, even if it's a question that you don't believe they have the right to ask. They still might agree to consider you if you refuse to give them the information, but if they discover that you were untruthful, you'll be automatically disqualified.

    Reply
  19. Derf says:
    March 21, 2012 at 3:20 pm

    My solution is that my facebook name is nothing like my real name, my userpic is never my face, and is tightly locked in the "friends" solution listed above – and even if it DID come up an employer would have to search for a name which looks nothing like my real one.

    You can then safely say you don't even have one. Just don't get caught surfing at work.

    Reply
  20. Compudoc says:
    March 21, 2012 at 3:24 pm

    You can certainly use the T&C statement that Facebook requires you to adhere to as a reason not to release the information. It is breach of contract.

    Reply
  21. John says:
    March 21, 2012 at 3:43 pm

    As various people have pointed out above this type of request exposes the company to numerous legal risks.

    Even searching a person’s public pages can create problems because it can expose the person making the hiring decision to information they are not allowed to request. For example you can’t ask “are you pregnant?” but that’s something you might discover on a Facebook page. Companies who do these type of searches often ask legal to do it for them and tell them whether there is anything relevant. If the process is done properly, it puts a firewall between the person reviewing public social networking information and the person making the hiring decision.

    Asking for and using the username and password is just plain stupid. It’s not just a violation of Facebook’s terms and conditions; it’s a federal crime. The interviewee could file a complaint with the Justice Department and the FTC.

    Reply
    • Mrs. W says:
      March 22, 2012 at 2:59 am

      Let's go for something that affects both genders equally.

      "How old are you?" (your birthdate is a required part of your profile, and wouldn't be hidden if they log in as you)
      "What religion are you?"

      Reply
    • Jon Fukumoto says:
      March 22, 2012 at 3:43 am

      You’re absolutely correct. An prospective employee can sue the company for using such tactics. I wouldn’t allow access to my Facebook account to anyone. This type of tactic has “lawsuit” written all over it, and I would refuse to work for any company who uses such unethical tactics. It should be illegal for any company to request access to anyone’a Facebook account, and that they face hefty fines for invasion of privacy.

      Reply
    • Mark says:
      March 22, 2012 at 1:46 pm

      Looking for information that they legally prohibited from asking IS EXACTLY why they want to look at a prospective employee's FB.

      Reply
  22. loren says:
    March 21, 2012 at 3:43 pm

    If your profile uses the new "Timeline", Facebook no longer offers the first option of limiting who can search for you by your username.
    https://www.facebook.com/help/privacy/basic-contr…

    Reply
    • caroletheriault says:
      March 21, 2012 at 4:29 pm

      We have just looked into this and it *looks* like the setting still works under the new timeline. If you select the who can look you up with your email address or mobile phone number option and you select Just Friends, it seems to do the same thing as it does currently and block people finding you by name….

      Reply
    • guest says:
      March 23, 2012 at 6:19 am

      no problem – my FB username is the (fictional) name of my character in an mmo that's associated with a free throwaway email address. All my FB settings are set to not show to anyone but me, and all the 'private' info inside my FB profile is bogus, and there is only one friend connected who's FB account is also setup and set the same way. They can search all they want, my name is not in FB anywhere except where it happens to match someone else who isn't me.

      Reply
  23. Brittney says:
    March 21, 2012 at 3:47 pm

    We shouldn’t have to go through the trouble of creating a “second” Facebook or deactivating one because a possible employer is trying to loophole their way out of asking questions. If they want information from us, that’s what the interview is for. To ask questions. It’s an invasion of privacy and Facebook has nothing to do with your qualifications for the job.

    Reply
    • @ericksoon says:
      March 21, 2012 at 8:28 pm

      I agree with you 100%, but when the only way to apply with a certain company was to give them access to Facebook, I created a new page. I have been looking for work much too long. It felt asking prospective employers into my messy house for tea. You had to wonder if the dog had dragged your underwear out.

      Reply
  24. @authorizedpants says:
    March 21, 2012 at 4:20 pm

    Originally, I thought it would be wise to protect you, the interviewee, by allowing you to refuse the request with no repercussions. I thought allowing the interviewer to ask you for your password would be fine, as long as you has a legal opt out.

    Reply
  25. Zardoz says:
    March 21, 2012 at 4:31 pm

    One possible response….

    “I’m sorry Mr Interviewer, my Facebook password is only on my Yubikey and I have left it at home. Sorry, but I have no idea what the password is, as I never have to type it in any more.”

    Reply
    • Techno says:
      March 21, 2012 at 6:41 pm

      Indeed, I genuinely don't know my Facebook password because it was generated by and is stored in a password storage program. I just copy and paste it into the field without seeing it.

      Reply
  26. Cat says:
    March 21, 2012 at 4:36 pm

    If I was sitting in an interview and was holding in my lap a journal and the prospective employer said, "Is that a journal you have there? May I read through it?" I think asking to read your facebook account would be the exact same thing. It is a personal electronic diary of your day to day activities. If you wanted total strangers to read it you would have your settings set to public. This is a complete invasion of privacy!

    Possibly employers could tell interviewees that they have a policy of termination if anything is posted about the company or employees that defames the character of such. A firm reminder to keep your page solidly private. Oh but that's a whole other court case involving the First Amendment and freedom of speech.

    Reply
    • Derek Harris says:
      March 26, 2012 at 10:00 pm

      You're mixing issues here: the first ammendment applies to the government taking an action based on political speech; it does not apply to administrative or civil action taken by a private company or individual in response to defamitory speech.

      Reply
  27. Eric says:
    March 21, 2012 at 4:36 pm

    I agree with what some other have already: It already is illegal for prospective employers to make such a request. By law, they can't delve into matters such as family status and religion, and for most of us (certainly for me) that sort of information is readily available through logging into a person's Facebook account.

    And, frankly, if anyone were to make such a request of me, I'd consider filing a complaint if I felt that in any way my rejection were due to my refusal of the request.

    Reply
  28. Jeff Sergeant says:
    March 21, 2012 at 5:01 pm

    It's already illegal to ask someone's age, marital status, sexual preference etc… If you make it clear that these are apparent from your profile, how is asking for your Facebook log in any different?

    Reply
    • Marc says:
      March 21, 2012 at 10:10 pm

      Sexual Orientation. It's not a preference.

      Reply
  29. Guest says:
    March 21, 2012 at 5:04 pm

    Seriously, if employers are so paranoid that they must request such information, it's a sign that there is something seriously wrong with that employer. Despite all the precautions, hiring someone is always a risk. I'm sometimes amazed at how some interviewers want a guarantee on a person when there really isn't one.

    Reply
  30. Kristina says:
    March 21, 2012 at 5:22 pm

    The issue is not just invasion of MY privacy but also invasion of the privacy of those who are friends on my account. I'm sorry, there's no way I am going to risk my friends privacy just so a company can decide if what I do in my off time is good enough for me to work for them.

    Reply
  31. dkitch says:
    March 21, 2012 at 6:50 pm

    It's already illegal to do this. In the US, you cannot ask for details on someone's age, marital/family status, birthplace, affiliations, etc during an interview. This is all information that is available on a person's Facebook profile.

    People who are forced to reveal their Facebook information should file a complaint with the Equal Opportunity Employment Commission http://www.eeoc.gov/facts/howtofil.html

    Reply
  32. Joshua B. says:
    March 21, 2012 at 7:08 pm

    Just keep your profile private, and say you don't use Facebook… You won't appear in any search results 🙂

    Reply
    • @ericksoon says:
      March 21, 2012 at 8:31 pm

      The problem with that is that Facebook search is one of the best parts of Facebook. I have had many people I 'lost' through the years find me. It's great.

      Reply
  33. pinktech says:
    March 22, 2012 at 1:41 am

    Hmmmm, wonder what comes next?

    Then, hopefully in language I would use with my grandmother, I'd offer to friend him and let him see what's there. Beyond that, no, they will do reference and background checks, and a drug test; if that's not enough, too bad. I'd walk out, and that's coming from someone who lost her job 20 months ago. I might send a letter to the head of HR or the company manager/owner stating what happened in the interview and asking if that is standard procedure (it may be an interviewer error). If it is the way they roll, well by golly, I'd get the word out.

    Reply
  34. Neil says:
    March 22, 2012 at 1:20 pm

    Don't use the utter tripe which is Facebook.

    Reply
  35. Who's too blame says:
    March 22, 2012 at 1:50 pm

    Asking for direct access to someones account is going too far. I can see an employer creating a company account that you would have to friend so they can see your profile. I have seen people get fired for posting information about co-workers or confidential information in which they should be fired. I also have seen people get fired for using twitter in which they released confidential or private information to the public. At some point and time the person that puts the information out there has to be responsible for their actions.

    Reply
  36. sentinel150 says:
    March 22, 2012 at 1:52 pm

    I will allow my new employer to "friend" me on facebook but access to my password will not happen. Security is not a game played lightly. I know that Law Enforcement is most likley already on my friends list pretending to be a pritty girl in a two piece or somthing like that, you get the idea. I have nothing to hide and if that's how they wish to spend our tax money then so be it, let them violate the TOS, my password is mine. lol and I just changed it again, lol

    Reply
  37. Rob says:
    March 22, 2012 at 2:01 pm

    If you do give your password, then don't forget to change it immediately after the interview. Insist on watching them accessing your profile and/or providing a keystrioke log.

    Better still, change the pssword before the interview to something completely different from all your private passwords. That will take some management, as it is far easier to set up a new account password for yourself than to set up an account for someone else or group with a password that dosen't bear any relationship to one you might use.

    Reply
  38. @artberry says:
    March 22, 2012 at 5:01 pm

    I'd assume it was a trick question and would say so, because surely one would assume an employer to be looking for trustworthy employees able to keep confidentialities in the work place.

    Should someone who is willing to give away their own secrets and even break the terms of a user agreement based on the possibility of a reward, in this case the offer of a job and the financial gain that may go with that be trusted with secrets and confidentialities in the work place?

    Of course if they didn't agree and continued to pursue the pass word, I suppose I'd assume I was dealing with an idiot and probably wouldn't want to work for such a person anyway. lol

    Reply
  39. Robert W. says:
    March 22, 2012 at 5:19 pm

    Interviewers are asking you to facilitate a crime and are committing one themsleves
    by asking for your username and password. They are guilty of Criminal Solicitation by
    asking you to commit Criminal Facilitation, so they can commit crimes like Computer
    Trespass, Unauthorized Access, Wiretapping, and violations of State and Federal law
    by the company and its employees.
    These are ALL felonies with serious fines and prison time. Tell the interviewer this
    and ask them if they'd rather work for the Bureau of Prisons instead, then ask to see
    their boss immediately. If not available escalate the issue asking to see the next one
    higher up, until someone in authority like an executive officer has to answer for this.
    Tell the interviewer if he/she doesn't comply, you will call the police and FBI then file
    a criminal complaint against them and the company under the Penal Laws and the
    United States Codes.
    Finally tell the interviewer if you're not hired, you will file complaints with the EEOC and
    U.S. Dept. of Justice for violating your civil rights.

    Reply
  40. Bob says:
    March 22, 2012 at 5:27 pm

    So now I am not being interviewed for my skills, but for personal aspects?

    The first error in thinking here is that we all use Facebook in different levels of intensity and for different purposes. I for example might use Facebook purely to stay in contact with my family living in other countries, somebody else uses it only to play games, somebody else uses it by doing anything you can think of, ie keeping contact with their families and friends, playing games, belong to different pages, etc, etc, etc. Because of this you are starting to have disparate levels of "insight" into different applicants, ie, you are not being compared at the same level (competence etc) which in some countries as already being argued as being illegal, as all applicants are supposed to be compared equally on even keel – ie send me your CV, give me a presentation, etc.

    In the same vein, before anybody looks at MY Facebook page, they will first have to look into all other existing employees' Facebook pages during the interview process as well, otherwise again they are not being consistent. And I as the interviewee then also want full access to the interviewer's Facebook page, as this might then make me decide that I don't WANT to work there after all.

    As other people have also already indicated, what prevents an applicant from having a nice, sterile Facebook page that makes them look like the ideal applicant, but also a different page where they ACTUALLY mess around, and this person might also perform activities that the interviewer does not agree with? There is no way the prospective employer will know about that in any case. And let us say for example that I am a complete agnostic/atheist/etc and it is portrayed in my FB pages, so certain of my actions I consider to be 100% acceptable (and it is in a wider community), but it is in contradiction to what my Bible-bashing interviewer thinks – even though my private life does not have any effect to my work-ethics and does not affect how I interact with colleagues, etc? But this is now held against me in interview because of this invasion of my private life?

    If a company thinks that they have that right to invasion of privacy, I assume the next thing is for male bosses to have full access to female cloakrooms – at the end of the day, actually – they will have more right to that, as the cloakrooms are after all business property whereas Facebook is not?

    Reply
    • aschengeschwandtner says:
      March 26, 2012 at 10:38 am

      You do not need to be consistent in your hiring policy. It may change over time and you do not have to apply it retrospectively. And thank god for that. I am a senior engineer but having read a few job adverts for junior positions in my own team, I know I would not get my own job.

      Reply
  41. Beth h says:
    March 22, 2012 at 6:03 pm

    If someone *does* request a password and one is provided to them, doesn't that also mean that they could continue surfing the persons FB whenever they wanted to? I would assume that one's pw could be changed, but the whole thing is creepy.

    Reply
  42. Nick says:
    March 22, 2012 at 7:00 pm

    When I first saw this thread I thought it was a joke – a hoax.

    People really need to take their on-line security far more seriously than they apparently do.

    Passwords should not be shared. At all.

    Reply
  43. Pete McNesbitt says:
    March 22, 2012 at 7:09 pm

    So exactly what is this FACEBOOK stuff people always talk about? I know I live under a rock but if I need to get a hold of someone I still use a phone (a landline at that), I still write actual physical letters and send them with stamps. The cell phone I own I will use only if the vehicle I'm driving breaks down. I still buy foldable paper maps. I still take photographs with a camera. Yes I do have computers a Compaq Presario and an equally old eMac. Both still working just fine.
    What I don't need, is to be is so connected that every little thought and misdeed needs to be sent out to everyone I know automatically and traced by any hacker or agency.

    Reply
  44. Bill says:
    March 22, 2012 at 7:58 pm

    There is a very simple solution. I created a domain that is made up of 32 random characters. Then at my hosting provider I created an email address that is also made up of 32 random characters also. So when I got asked for my Facebook log on credentials I hand them a business card that has my 68 character logon and my 40 character password, that has been printend in a 10 point non-serif font, with only one space between the two. It resembles a PGP key block rather than a username and password. So now the person is sitting there looking at 109 random characters with no clue on what to do. I did the same thing for my facebook username URL ( http://www.facebook.com/<user name> ) I created a 59 letter username. Then when I am asked to friend a company profile I always tell them to send me a request and hand them another card with the extremely long nasty looking username url that is again listed in 10 point non-serif font.

    Reply
  45. guest says:
    March 23, 2012 at 6:15 am

    If' you're being interviewed for a job at NSA, you might as well figure they either already KNOW your FB login and password, or it isn't the agency you thought it was. They'll directly interview all the friends you've ever known back to your childhood anyway.

    Reply
  46. Freida Gray says:
    March 23, 2012 at 9:05 am

    If you tell them you don't have Facebook,what do you tell them when they ask why your name,date of birth &current address all appear on a Facebook account?

    Reply
    • Graham Cluley says:
      March 23, 2012 at 4:46 pm

      I think the idea is that you hide your Facebook profile from public view, and from being searched for by folks who aren’t already your fb friends.

      Reply
  47. @nwscenescapes says:
    March 23, 2012 at 4:35 pm

    Why bother with any alternatives such as hiding information. It's no employer's business what I do on Facebook or any other social media. The only thing they need to know is whether or not I can perform the job. I wouldn't work for any company who wants keys to my home or passwords to any social media sites I use. Are they going to give me their passwords or keys to their home so I can "spy" on them? Think NOT! What an absolute load of BS.

    Reply
  48. Dilbert says:
    March 23, 2012 at 7:16 pm

    Contemptible.
    Unacceptable.
    In breach of fundamental IT Policies, if he complied the interviewer should be disciplined on the spot. How can that employee be trusted with his company password?
    This is not 'fine' under any circumstances. Not without a legal subpeona at the very least.
    Facebook is just one of many social networking systems, did they not also ask for his Bebo password, MySpace password, Hotmail, Gmail, Tumblr, Flickr and Harmony Central access? Or retrieve his Geocities account?

    Reply
  49. Jack Wilborn says:
    March 24, 2012 at 2:23 pm

    Doesn’t matter what’s on your page, nobody has any reason to access this information. I think Sophos stated most of them with their follow these… Also I have stated many times our (USA) legislators need to be more up on evolution of software and how to protect the general populous. Many data items are not protected by law, and need to be viewed the same as we feel about the information we ship around. I totally agree with the rules you agree to with Facebook. Would some police department like you to break an agreement, with them as they are asking you to break with Facebook? Also, what if you don’t have a social account? Many don’t and it isn’t really social if you aren’t physically with someone.

    Reply
  50. cedarflame says:
    March 24, 2012 at 4:08 pm

    So it would seem your poll on whether it should be illegal to be a scumbag corporate personal info raper is somewhat redundant.
    since it's been clearly pointed out in these commentaries why it is already illegal.

    since most people have a natural healthy aversion to pulling out a gun and shooting a (information) thief;
    therefore i suspect this tyype of corporate criminality will continue, and these ethically
    barren interviewers will be analagous to airport security hoodlums.
    the equivalent of legal criminals.

    Reply
  51. Dave says:
    March 25, 2012 at 6:51 am

    I'd love to know who the 8% of people are who think it shouldn't be illegal for employers to request this info. No doubt either pushovers or people requesting the information themselves.
    This is an outright invasion of privacy. If I was asked for this in a job interview I'd immediate tick myself off the candidate list by the response I would give the employer! I don't even understand how there is a discussion on this mater. It's wrong, full stop.

    Reply
  52. JimmyJohnson says:
    March 15, 2013 at 1:25 pm

    I don’t use facebook, I know how security works. But if I ever get asked that question, it’s a simple “No, and I don’t want to work for a company that will treat it’s employees like this.” And I politely thank them for their time, and end the interview.

    Reply

What do you think? Cancel reply

Recommended reads

Jan09
by Paul Ducklin
0

CircleCI – code-building service suffers total credential compromise

Feb20
by Paul Ducklin
6

Twitter tells users: Pay up if you want to keep using insecure 2FA

Mar17
by Paul Ducklin
16

Dangerous Android phone 0-day bugs revealed – patch or work around them now!

  • About Naked Security
  • About Sophos
  • Send us a tip
  • Cookies
  • Privacy
  • Legal
  • Intercept X
  • Intercept X for Server
  • Intercept X for Mobile
  • XG Firewall
  • Sophos Email
  • Sophos Wireless
  • Managed Threat Response
  • Cloud Optix
  • Phish Threat
© 1997 - 2023 Sophos Ltd. All rights reserved. Powered by WordPress VIP