about that Facebook password kerfuffle…

My mail has been full this week with people asking about employers demanding job candidates’ Facebook passwords. I wrote about this a couple of months ago, and it’s here if you want to read it. But keep in mind that this really isn’t a common practice — not even close. It’s extremely rare. The media has jumped on this like it’s a trend, and it’s not.

People’s outrage should be over the much more common invasions of privacy in hiring, like credit checks and demands for social security numbers up-front and other information that employers have no business asking for.

P.S. 20 weeks after the terrible tragedy known as Breaking My Left Foot, I’m kind of walking (with a terrible limp, but still). (NSFW)

{ 83 comments… read them below }

  1. Avril*

    As far as media reporting goes, you almost can’t believe anything you read. Congratulations on soon being able to walk!

  2. Anonymous*

    It is more like one media report that everyone picked up and repeated. Almost verbatim. Media today is more like an echo chamber than ever before.

  3. Kimberlee*

    Hey, at least if media coverage fuels outrage at an outrageous practice, its less likely to become commonplace!

  4. Susan E*

    Wow! Congrats on walking again. Glad you were able to dodge having surgery and hope you are soon back to normal.

  5. Suzanne*

    The problem is, I think, that there are so many people out there who are desperate to find work, they do put their SS# on an online application or agree to a credit check knowing that if they refuse, they will never be hired for that position. I do believe the job market is improving, but nonetheless, if you have been out of work for quite some time and your unemployment benefits are ending, you aren’t really in a position to say “No, I won’t sign that paper that gives you permission to check my credit score.”

    1. Kelly O*

      The other thing is that it’s a non-negotiable part of many applications – you just can’t fill out the application without providing that information.

      To even meet with a recruiter at most third-party hiring agencies I’ve encountered, you HAVE to provide your driver’s license and SS card before the recruiter will even meet you face to face. I balked once, at a company in Dallas, and the recruiter said she could not even talk to me about work without that. I asked why, because I wasn’t even sure I wanted to take the opportunity she had. Needless to say I left shortly thereafter (and by the way, when I asked for my paperwork back so I could shred it, they wouldn’t give it to me even when I said I will stand here and watch you shred it, but I want it destroyed.)

      I have another third-party interview on Wednesday and they’ve already told me I need two forms of ID – drivers license and SS card are preferred. And I’ll give it to them because I can’t fight it, and I’m having a tough time finding something on my own so I don’t want to lose a channel.

      But I hate it. If you want to run a background check, let’s at least decide if I’m right for your clientele, or your clientele is right for me. (Oh, and my references will probably get called again, so I hope something comes of it, because they got called with the last company, and the job near me that I applied for was already gone, and everything else that company had was on the other side of Houston. So basically they provided references for nothing. Which is frustrating.)

      1. Anonymous*

        This is why a passport is a great idea- it works for verification and does not give out your social security # or drivers license #.

  6. Jennifer*

    For what it’s worth, this did happen to me when applying for a job in public safety. Well technically I was never given a computer and told to sign on, but I was point blank asked if I would give them my password then and there. To be honest, I think it was more of a test to gauge response than a serious request. .

      1. Jennifer*

        I told them I wouldn’t mind. They never made me give it out, just wanted to know if I would have. Then it was dropped and we moved on to the next question. As previously mentioned, I think they mostly wanted to see your response. Bear in mind I also had prints taken, neighbors talked to, etc etc. Lie detectors are also common, but I lucked out and bypassed that. I probably would have felt much differently about that question being asked during the interview process of a more “normal” job though.

    1. LJL*

      Were I ever to ask that question, if a candidate gave me the password, I’d remove that candidate from consideration as it would indicate a lack of ability/willingness to follow basic security procedures. If they do that with their own facebook, what would they do with company resources that need to be kept secure?

        1. LJL*

          TBH, I’ve never asked that and never intend to as it just seems duplicitous to me. But I’m sure that some would do it.

  7. Chris*

    To be perfectly accurate, a lot of employers don’t even bother to do credit checks. They do FICO score checks which Fair Issac Co has convinced everyone (and the three credit bureaus) is an excellent predictor of integrity on the job. If it is, I’ve never seen that research (if it exists.) But it seems like an impossibly hard thing to study, since incidents of fraud in a workforce of 115 million are so rare.

    The easy way around FB password requests is to use the feature that prevents unknown MAC addresses from logging into your account. You can give your interviewer your Facebook password with a smile, but when she tries to use it – she will be asked for a code that was just texted to your cell phone. Brilliant.
    I agree, I’ve never heard of an employer asking for a Facebook password. It’s like asking for your journal or diary. Sounds like one misguided soul who ended up on the cable news rotation.

    1. Michael*

      I do apologize but I have to correct you on the incorrect usage of the term MAC address filtering. Due to the concept of network levels, MAC address are a level 2 concern and are handled by switches and things like Facebook exist on levels 6 and 7 as they operate on servers, so therefore they never know a device’s MAC address, only its IP address. I know the feature you speak of but it’s not powered by MAC addresses. *ducks away*

      1. Chris*

        Ha. I never knew that, I thought the servers did the MAC filtering. Thanks for the correction.

        So does it use a combination IP/operating system info combination. If I use my cell phone to try to log onto to Facebook, my external IP is the same but it won’t log me on without extra security. It doesn’t recognize the device. Is it collecting Linux OS info (Android) and Browser/app info to make that determination?

        Fascinating. Still, it would be so frustrating to the nosy hiring manager. LOL

        1. Michael*

          Indeed.

          Depending on browser configuration, a web site can gather such info as the computer name, browser version, IP address, the currently logged in user name on the computer, and various capabilities of the browser such as does it support java, javascript, css, currently installed plug-ins, etc.

    2. A Bug!*

      I’m not sure I agree that that sounds brilliant. I mean, when you are asked for your Facebook password, it’s crystal clear that the actual request is for access to your Facebook account. It’s disingenuous to say “Sure, here’s my password” with the intention of withholding the access code. How are you going to refuse to provide the code at that point without coming across as a smug, tricky git?

      I’m not saying that employers should be making the request at all. They certainly should not be under most circumstances. But if you make as if you’re going to consent to the access only to pull a fast one on the employer who’s asking, you’re not going to come off very well.

      If you are not agreeable to granting access to your account, just say so; don’t play games. It’s a waste of time for everyone involved.

      1. Chris*

        Its a randomized code sent to the cell phone you have registered. And its only good for a certain period of time. The manager can call me and ask for the code it they are that determined. But think about it, if a hiring manager asks for a FB password, you are going to then have to change it immediately after anyway – whether you are hired or not. That’s annoying. This is the same thing, its granting access to one device for a one time look but without having to change the password. I’m not opening my account to click bait spam, but I will let someone read my FB account. Its completely boring. Its 700 pictures of my dog and insight into my level of fandom of my favorite sports teams. I’m just not going to make it very easy. If the hiring manager didn’t want to waste their time, they wouldn’t have asked to read my FB page in the first place.

        1. A Bug!*

          I apologize; I misunderstood. My understanding of the situation you described was that the employer was not advised ahead of time that they would need an additional code, and further that the code would not be provided on request.

          If you’re up-front with the employer about the fact that they are going to need to contact you at the time of access in order to be granted same, that’s different than the circumstances I was picturing. I’m still not sure that such a hurdle is going to help your chances as compared to a level-headed refusal, but it’s definitely less “what the heck” than I had originally thought!

          Thank you for clarifying.

          1. Chris*

            I use different passwords for different accounts. I don’t know – I guess I’m paranoid or something. And they are all random non dictionary words and symbol combinations.
            Changing passwords is a major headache for me. And I would totally give the employer the texted code to log on. But then I would know exactly (within 5 minutes) when they were doing it. AND I would for sure go check and make sure they didn’t add themselves to the list of full time approved devices.
            There’s also a FB feature when you can close open sessions from a main approved device. I would give the hiring manager 10 minutes and boot them! They can read my list of likes, but if they think they are going to regale themselves with reading every status update for 3 years…well, no.
            Giving someone a peek at my doggie pictures is no big deal to me. But there are ways to maintain control of that process and people can and should use them when they are asked.

            1. Susan*

              Now I’m just plain curious – I had no idea FB had these kind of options (or is this something you have special skills at)? I.e., where can I “close open sessions from a main approved device?”

              Interesting stuff.

              Think of the conspiracy theory: Companies were planning to take down FB by pursuing this across the board with candidates and employees. People would start removing their FB accounts because of it. Legislation would be 5 years behind protecting the average citizen, as usual. Companies would no longer have to bow at the feet of the FB Lord. Companies win.

  8. Liz*

    I think it’s hilarious that this story is just hitting the media now. I was in college when Facebook first hit and the absolute first thing anyone told us was “Do not put anything on there that you wouldn’t want an employer to see. And remember, your professors are like your employers (meaning the whole ‘but you need a .edu address!’ argument in the beginning didn’t matter).” I was told countless times that employers were going to ask for my Facebook password and yet I have never seen it happen. It’s like all of the really crappy career center people at colleges got together and said “hmm, we haven’t actually heard anyone tell us this is happening, but we know it must be! Let’s send out a press release about it!”

    Regardless that this practice would be completely against Facebook’s terms of service, another reason I would never hand out my facebook password to anyone else is that I’m connected to my company’s Facebook page. If you have access to my personal page you have admin access to that page and there is no way I’d put that in the hands of anyone outside of my company. Heck, we hardly trust the people inside the company to have admin access, so that would just be nuts.

    I have had one interviewer tell me that they need to keep a professional Facebook persona and they would appreciate it if I did an audit of my materials on Facebook prior to being employed. I told them that I keep Facebook personal and would not connect to people in that manner professionally, but I WOULD set up a Facebook page to allow people to interact with me. That didn’t seem to appease them, and while I was not specifically asked for a password they seemed iffy on my candidacy because I wouldn’t tell them flat out that I would “audit” my page (which they couldn’t see to begin with due to privacy settings).

  9. ChristineH*

    “The media has jumped on this like it’s a trend, and it’s not.”

    The media does this all. the. time. They hype things up to get ratings.

    Congrats on sort of walking!

    1. Long Time Admin*

      How true! Real journalism (the kind with integrity behind it) is a thing of the past.

  10. Cruella Da Boss*

    How on earth would a company ever know I even had a Facebook?

    AAM….I’m glad you are getting around now.

  11. Anonymous*

    If you are worried about this just happening to you (but I also agree it is rare) just create one that is professional (fake page) and one that is real. Just log into that one if asked to do so…

    Luckily, I have a very cool boss and he hates fb and will sometimes ask me to look up his ex’s lol

  12. Doug*

    My main concern about giving an employer access to my facebook isn’t so much concern about inappropriate photos or things that I write, but rather things about me that an employer might be able to discriminate me towards: things like my religious background, political affiliation and even favorite movies or books

      1. Doug*

        Let me give a good example of a “hobby” that I like that I would be worried about be discriminated on:

        I admit to being a nerd. I love video games and comic books, even in my mid 20s. Sometimes, I will post videos on my facebook profile of me doing a speedrun in a classic video game (a speedrun is when you try to beat a game as quickly as possible and record your time). I don’t want my interviewer to see that on my profile and say “Well, he does this in his free time, and no mature man in his mid 20s should.” Another example: I like zombie movies, books and comics. I don’t want an interviewer to think that I have a blood fetish or something, or think that I am somehow “sick” just because I like zombies.

        1. Anony*

          Here’s another question: What is your control if someone posts and tags a photo of you that you feel is inappropriate? Will it allow tagging only if you have a FB account? Otherwise I’m thinking you’re really at the mercy of anyone with a camera phone.

          (I know you can untag, but don’t you have to be monitoring those kinds of posts? I only go into mine every 3-5 months.)

          1. Anon*

            And you can set your privacy so only you see your tagged photos. The photo will still show up on the page of whoever posted it, but the tag (and photo with it) will not show up on your page/feed this way. So your other friends would not know you’re tagged in anything unless they’re also friends with this person and can see the “original” photo/tag. This is what I do since my sister does not edit her photos and tags liberally – so until I get in to untag every photo of myself it doesn’t show up on my feed/timeline. It’s very handy if you have a friend/relative like my sister whose goal was to upload 6000 photos to facebook, so she never erased any photo she took. Blurry photos, floor shots/ceiling shots (why yes, give your camera to a four year old), unflattering photos, red eye/finger in the shot, etc – they are all there.

        2. Jamie*

          “I admit to being a nerd. I love video games and comic books, even in my mid 20s. Sometimes, I will post videos on my facebook profile of me doing a speedrun in a classic video game (a speedrun is when you try to beat a game as quickly as possible and record your time). I don’t want my interviewer to see that on my profile and say “Well, he does this in his free time, and no mature man in his mid 20s should.” Another example: I like zombie movies, books and comics. I don’t want an interviewer to think that I have a blood fetish or something, or think that I am somehow “sick” just because I like zombies.”

          This would definitely not be held against you if you work in IT. An interest in zombies, bacon, and old school video games are almost a requirement.

          1. Susan*

            “An interest in zombies, bacon, and old school video games are almost a requirement.”

            Another classic line from the AAM site!

      2. Anonymous*

        That would be the basis of my objection. I would be able to give consent for myself if the balance of disclosure/benefit worked out, but I would not be able to give consent for my friends, some of whom work in the same field and are on the same employment circuit, and who have trusted me with their information.

  13. Mike C.*

    “People’s outrage should be over the much more common invasions of privacy in hiring, like credit checks and demands for social security numbers up-front and other information that employers have no business asking for.”

    Ok, so what should we as employees predominately in the United States do about it? We live in a nation where you can be fired for no reason and with no notice. You understand that many folks are choosing between putting up with a bad work environment or paying for food, shelter and healthcare. So what can be done?

    1. Ask a Manager* Post author

      Actually, this is a problem with a much easier solution that some of the other workplace issues: Congress or your state could very easily pass a bill outlawing both of these practices. New Jersey, Maryland, and a bunch of other states are considering bills that would ban credit checks in hiring, in fact.

      Here’s what you can do:

      1. Write to your members of Congress and ask them to introduce legislation that would ban both of these practices. You can email your U.S. representative here: https://writerep.house.gov/writerep/welcome.shtml
      … and you can find and email your U.S. senator here:
      http://www.senate.gov/index.htm

      2. Write to your state legislators and ask them to do the same.

      Legislators are actually very responsive to constituent mail, and when they get enough letters on a topic (and that number doesn’t need to be high), they will very often act.

      (Why, yes, I have worked in advocacy my whole career.)

      1. ChristineH*

        Actually, I would think credit checks are okay, even advisable, for finance-related jobs.

        1. JT*

          Yeah, I mean if someone is out of work and low-quality health insurance because that’s all he can get. And then he gets cancer and has huge medical costs to stay alive and goes bankrupt, he clearly shouldn’t be allowed to work in finance.

          1. Mike C.*

            In 2007, 62% of bankruptcies were due to medical emergencies, and 75% of those folks had medical insurance coverage.

            1. Z*

              Nice point on how ridiculous our health care costs are, or how lousy the average coverage is.

              JT, I’m familiar with a somewhat similar scenario but thankfully avoided a BK so far and yes, my background is finance. A crappy FICO score now doesn’t mean I stole or plan to steal money, cripes sake. That’s like assuming anyone who works at fast food places or convenience stores are there just to steal out of the cash register because that’s the only work they can get?

            2. Long Time Admin*

              I started telling my doctor that I’m not made of money, and if I “need” another prescription, it needs to be on Walmart’s $4 list, or I won’t fill it.

      2. Mike C.*

        Yes, this is why I asked here. :)

        Look, it’s easy to say, “Oh, just write your members of Congress” (though at the state level this is a much more reasonable request), but protections like this fly in the face of ideologies that cry for no government regulation of the workplace or that they’ll somehow prevent businesses from hiring*. Furthermore, my congresscritters would generally support this sort of legislation, but as you know, it only takes one senator to put a secret hold on legislation and *poof* it doesn’t go anywhere.

        And even then, there are plenty of moneyed interests that profit off of weak labor protections. How do you fight against a group like the Chamber of Commerce?

        I don’t want to turn this into a huge political debate, but I really feel like the deck is stacked against issues like these.

        On the other hand, Facebook released a statement today saying in part that they would be suing employers that make this a regular practice. Who knows, I’d love to see them nail a few small minded employers for this sort of thing.

        1. Ask a Manager* Post author

          But this is how you get change. People speak up and make their voices heard. Lots of laws have passed because the public demanded them, even when they were up against much more well-financed interests. There are tons of examples you can find of this.

          Do yourself and other people a favor and send those letters — that act can and does cause change, and you are someone who clearly cares passionately about these issues. Don’t disenfranchise yourself. Speak up to the people with the power to do something about it.

        2. JT*

          Let’s have a political debate, not about the two parties, but about activism vs apathy. We have to try. We can vote, give money to representatives and candidates that share our values (at least a bit), and we can contact our reps. I do all three. We have to try.

          Yes, our government is hard for regular people to influence. But pointing that out as a reason not to try makes the situation worse.

          1. Ask a Manager* Post author

            And actually, it’s not always hard to influence! I’ve heard congressional staffers and members of Congress say that they assume that just 10 letters from constituents represent the concerns of 10,000 voters, because anybody who takes the time to write is voicing the concerns of thousands more. There have been bills introduced solely because a congressional office received a few dozen letters on an issue.

            1. JT*

              Yes!

              And for some stuff I care about, I write and then send a copy of what I wrote to friends who may care or relevant email lists, urging them to use/adapt my note.

        1. Anonymous*

          And I have just read that FB might make it a legal matter (ie lawsuits) against employers who have been reported for wanting a candidate’s FB password.

      3. anon.*

        Alison, you are – as always – quite awesome.
        Thanks for the info and the links!

        (and congrats on walking!)

  14. Karthik*

    Simple. “Providing my login credentials to a third party is a violation of the terms of service for Facebook, a contract which I had to agree to in order to use the service. I intend to honor that contract, just as I would honor any contract that I become party to in the course of working with your company.”

      1. Ask a Manager* Post author

        I wonder. It’d be interesting to know how the (again, VERY TINY number of) employers who are doing this would handle it. It might not matter if they’re asking you to show them your profile on the spot; presumably they’d just tell you to log in for them.

        1. Anonymous*

          It might not matter if they’re asking you to show them your profile on the spot; presumably they’d just tell you to log in for them

          … which leaves the account compromised anyway.

        2. Malissa*

          I’d be leery of logging on their computer. What if they have key logging software so they can look further when you are gone? That’s just a easy way to get your password. I’d be more apt to take out my phone and bring up my page and let them look that way.

          1. Anonymous*

            If they wanted you to log on their computer, you can do so. I say that because with your phone, as you say, you can access your page and change the password as soon as you know they are finished with it. Not all, like myself, can do that if we don’t have that sort of phone.

            1. Anonymous*

              I think logging on from their pc is beside the point.
              The people who entrusted you as their friend did not give consent for their pages to be viewed; someone logging on as you has those rights. The earlier post about discrimination based on your personal viewpoints and status (married, hetero, swinger) is also quite valid. What if the HR person you are speaking with happens to know Joe, a friend of yours on your page, and Joe works for Budweiser. A photo is on your page of you and Joe and friends hanging out and Joe has a Miller in his hand. Mr. HR calls his buddy over at Bud (because he gets free beer every Friday after work) to rat out Joe, who gets written up, fired or maybe just passed over for promotion.

  15. Anonymous*

    It could be fun to find a job where you know this is going to happen, and create a Facebook account where the ‘private’ area is packed with trojans and the like. Then when you apply, hand over the password, but add that you would suggest in the strongest possible terms that they don’t log in to the account.

  16. Susan*

    Ok I admit, I was one of those kerfufflers…and I was/am outraged by it. Mainly because I was already pissed about the credit check BS, which, if you’ve been out of work, this practice has now most likely caused you to be in a vicious circle of despair.

    And hearty congrats on WALKING or at least something resembling it! I am selfishly bemoaning the loss of the much too short Foot Blog, however. “Yearning for Poe” and “a covetous, baleful malcontent” are shining literary phrases and should be made into wall signs. Now, how to use them along with chocolate teapot maker in one awesome cover letter?

    1. Anonymous*

      I still have not yet heard a good enough reason as to why credit checks are done. I do understand the criminal history check though.

  17. Kelly O*

    1. Glad to hear you’re up and walking again – it’s got to be nice to be a mobile, bi-pedal person again.

    2. I think that there are some employers (and employees) who think that the whole issue of employment is entirely up to the employer. They forget that an employee does have a choice, and just because they make a rule does not mean that everyone is going to follow along.

    By that, I mean someone with an option may exercise that option by finding another job, or even speaking up about a practice that might not be illegal but is probably not smart. And yes, the employer can always find someone else to do it. I totally get that. But if the rule is commonly accepted as not smart, you’re going to have a hard time finding smart, talented people to work at your chocolate teapot factory (I love that!) – if that goes on long enough, your teapots will suffer, your customers will find better quality/service/etc. and you’ll have a way bigger problem than Jim Bob’s Masterchief ComicCon costume, or Judy’s crippling addiction to Hummel figurines, all featured prominently on their Facebook pages.

    1. Mike C.*

      When the choice is “go through this interview process and possibly get a job” versus “not having money to pay for shelter or food” then it’s not a choice at all.

      Look, it doesn’t matter what happens in the long run, because in the long run, we’re all dead. Even before that, we have to eat. The mutually assured destruction that you’re calling for leaves no one a winner.

      1. Anonymous*

        So for your next interview, the employer will ask to have a copy of your house key made. You won’t mind, would you? Forget Facebook. Let’s go straight to the source and find what skeletons are in your closet!

        I have noticed in various posts of yours that you are always mentioning this get the job vs. have no money situation. While I hope you are not subtly mentioning your own life here, you have to realize that you still have your dignity and need to draw a line somewhere. For extreme sakes, if an employer told you that you’d get the job if you want out and shot someone, would you do it? I would hope not. You don’t want to A. Hurt someone else, and B. Land yourself in jail. But why not protect yourself? Where are you going to draw the line for your own life? You don’t share with everyone you know your entire life story, and your FB friends *should* be people you know and share stuff with.

        I believe these employers who ask for this information are on a huge ego trip, and it makes them supposedly look much more superior than the rest…rather condescending.

        1. Ask a Manager* Post author

          I think Mike’s point is that there’s often a huge power imbalance in the employer/job-seeker relationship, and that makes these types of demands all the more disturbing — because it’s very hard for many job-seekers to say no to inappropriate demands, since their income is at stake.

          1. Anonymous*

            Hmmm….I didn’t read it like that. I didn’t get the “disturbing” sense out of his words but rather more of a “it is what it is” sort of notion. But that’s what happens when you’re reading text and not hearing tone of voice. That is why I answered the way I did. I can see what you mean, but it did not come clearly to me like that the first time around. Only he can say which is more correct.

    2. Jamie*

      I do love the chocholate teapot reference, but I think “crippling addiction to Hummel figurines” just worked its way into my regular vocabulary.

      I love that.

  18. mh_76*

    Here is a link from the AP via the Boston Globe.

    http://articles.boston.com/2012-03-20/business/31215793_1_social-networking-password-facebook

    The irony about this is that company policies at generally say that employees are not to share their passwords with anyone and that doing so is a “fire-able” offense. Many say that employees are not supposed to use their username/password to sign in a colleague.

    The article doesn’t imply that this is a rampant practice but does point out that it sometimes happens and briefly covers both sides of the issue.

    As for the credit-check debate: Someone who was a temp. at my last job was offered a “permanent” job there but the offer was yanked after his credit check came back. He had been working retail before and overlapping with the temp. job and was sharp and very competent. That company was so screwed up, though, that it was really a blessing in disguise.

    AAM, glad that you’re walking again!

  19. Elizabeth West*

    Yay for walking! :)

    I don’t want to work for anyone who would ask me for my password. Lord knows what else they would want from me. I just file that under “unethical” and move on.

Comments are closed.