Don't Ask Job Applicants for Passwords

Alan Reiter, President, Wireless Internet & Mobile Computing | 3/28/2012 | 86 comments

Alan Reiter
If companies ask job applicants for their usernames and passwords to access their social networking sites, CIOs should put a stop to it. It's for the good of the job applicant and the company. It's also for the good of the CIO, and if that's not enough, it's what Shakespeare would have suggested.

The most recent brouhaha began last week when Associated Press published an article about job applicants being asked by human resources departments of companies and government agencies for their social networking usernames and passwords. For example, one statistician in New York was asked to turn over his log-in information so the interviewer could see his private profile. The statistician refused and withdrew his application, but other applicants sometimes hand over this data.

AP says that asking for usernames and passwords seems more prevalent by government agencies, such as for law enforcement jobs. The article also notes that the city of Bozeman, Montana had asked job applicants for log-in information for their email, personal Websites, and social networking sites. The city has since stopped asking for this information. In 2009, I wrote about this in Internet Evolution, a sister site to Enterprise Efficiency.

So the AP story isn't bringing up a new trend, but it's highlighting what might be an increasing one. With the poor job market, too many employers feel they have the right to ask job applicants for log-in data. Even if organizations aren't asking for usernames and passwords, they sometimes ask applicants to log into their personal sites on a company computer so company executives could see all the information, AP notes.

Facebook -- which certainly isn't a poster child for protecting user privacy -- issued a statement condemning organizations that asked for its log-in credentials. The company said, "This practice undermines the privacy expectations and the security of both the user and the user’s friends. It also potentially exposes the employer who seeks this access to unanticipated legal liability."

Facebook says, "We’ll take action to protect the privacy and security of our users, whether by engaging policymakers or, where appropriate, by initiating legal action, including by shutting down applications that abuse their privileges." Facebook told the blog Ars Technica that it didn't have any immediate plans to sue employers who asked for log-in data.

However, I wouldn't be surprised if Facebook is talking to Senators Richard Blumenthal (D-Conn.) and Charles E. Schumer (D-NY). The senators sent a letter to the US Department of Justice and the US Equal Employment Opportunity Commission, asking them to investigate whether demanding log-in credentials violated any laws. The senators are drafting legislation to close any loopholes allowing employers to ask for such information.

An American Civil Liberties Union lawyer says asking for usernames and passwords is an invasion of privacy, and a Washington, D.C. area lawyer says it violates the First Amendment of the Constitution.

So from a legal standpoint, companies must be cognizant of possible ramifications. If a job applicant's private information influences a decision not to hire the person, under certain circumstances it could be considered discrimination. A woman who posts privately that she's pregnant and isn't hired might have a legal case against the company.

But even putting legal considerations aside, CIOs should demand their organizations not ask for log-in credentials. How often have IT managers railed against employees who left out their usernames passwords for anyone to see? How often have IT managers emphasized the importance of not sharing authentication credentials with anyone?

Should companies even trust a job applicant who would be willing to reveal log-in credentials? It's a security breach. An applicant could agree to log into a company's computer -- without the HR interviewer seeing the username and password -- to allow unrestricted viewing of personal Websites. But the computer could be capturing keystrokes.

CIOs should tell their human resources departments and even their CEOs that it's verboten to request a job applicant's log-in credentials. Asking for this information strikes at the pith and marrow of what IT departments should protect. As Polonius said in Shakespeare's Hamlet: "This above all, to thine own self be true..."

View Comments: Newest First | Oldest First | Threaded View
Page 1 / 9   >   >>
nasimson   Don't Ask Job Applicants for Passwords   4/23/2012 4:15:05 PM
Unprofessional approach

This is a very unprofessional approach being adopted by the companies. People interact in several different manners with their friends and family and it does not and cannot reflect how a person will perform in any job or task assigned to him/her. It is clearly an audacious behavior on part of the companies and should be discouraged on a high scale. I'm wondering why didn't such a news catch the eyes of anyone soon enough. 

Syerita Turner   Don't Ask Job Applicants for Passwords   4/9/2012 10:27:20 AM
Re: security
@ white_space. Thanks. I agree. I just want my personal information kept personal. I understand employers want good decent wholesome people but that is what background checks are for. If that doesn't cut it then I am just not cut out to work for your company.
Henrisha   Don't Ask Job Applicants for Passwords   4/2/2012 4:05:41 AM
Re: Don't Ask Job Applicants for Passwords
Well said, Andrew. I'm also waiting for when that day comes when the "good times" in the job market roll around again. I wonder how they would feel if it were their passwords and their accounts that were going to be thumbed through to evaluate if they're doing a good enough job.
Henrisha   Don't Ask Job Applicants for Passwords   4/2/2012 4:03:39 AM
Re: security
Exactly! Giving other people access to your social networking accounts is like letting them thumb through the contents of your mobile phone or letting them snoop around your laptop. There's the off chance that they might find something that has something to do with your work, but the majority of things they will come across is most likely personal things that should remain personal.
Henrisha   Don't Ask Job Applicants for Passwords   4/2/2012 4:01:51 AM
Re: Don't Ask Job Applicants for Passwords
I think asking for employees or job applicants for their passwords is just wrong. There's a fine line being crossed here, and it seems that this practice is encroaching on the employees' privacy. There are far less intrusive means to get to know the applicant as a whole. Get a security check, ask for the necessary papers, do a multitude of interviews and set up a trial period to evaluate the applicant. Asking for passwords just seems so wrong.
Alan Reiter   Don't Ask Job Applicants for Passwords   4/1/2012 11:41:32 PM
Re: Where have all the Google+ gone.. long time ago
Hi white.space (Sudarshana),

I wonder whether employers who ask for user names and passwords ask for specific sites or for all social networking and personal Web sites. Any employer who has the effrontery to ask for user names and passwords probably has an item in the job application specifying "all" such sites.

User Ranking: Blogger
Alan Reiter   Don't Ask Job Applicants for Passwords   4/1/2012 11:36:09 PM
Re: security
Hi white.space (Sudarshana),

As I've noted in a comment or two, for certain jobs, such as national security, a person's life does have to be pretty much of an open book to a potential employer. Privacy is not an option. But even in those situations, it's wrong to hand over user names and passwords.

In fact, if I were hiring someone for a national security position, I'd be concerned if a job applicant did agree to offer log-in credentials. I don't think security organizations (think CIA, NSA, FBI, etc.) ask for this.

User Ranking: Blogger
Alan Reiter   Don't Ask Job Applicants for Passwords   4/1/2012 11:28:36 PM
Re: Discrimination based on social media, stilll is
Hi white.space (Sudarshana),

From the standpoint of discrimination, there are state and federal laws about discrimination because of age, religion, medical conditions, etc. An employer who doesn't hire a job applicant because of this type of information in his/her public or private postings could be sued. However, this is very difficult to prove.

User Ranking: Blogger
Alan Reiter   Don't Ask Job Applicants for Passwords   4/1/2012 11:22:38 PM
Re: security
Hi Syerita Turner,

I don't think it's right to ask for user names or passwords, either. For certain jobs, such as in national security, employers have the right to examine just about everything regarding an applicant. But I don't believe even for those jobs an applicant should hand over user names and passwords.

I have no problem with employers looking at a job applicant's public information which, by definition, is available to anyone on Facebook, Twitter, blogs, etc.
User Ranking: Blogger
Alan Reiter   Don't Ask Job Applicants for Passwords   4/1/2012 11:13:25 PM
Re: Password faux pas
Hi impactnow,

I don't see asking for user names and passwords as being similar to drug testing. Handing over log-in credentials is a potential breach of security for the job applicant and the Web sites for which those credentials are provided.
User Ranking: Blogger
Page 1 / 9   >   >>


The blogs and comments posted on EnterpriseEfficiency.com do not reflect the views of TechWeb, EnterpriseEfficiency.com, or its sponsors. EnterpriseEfficiency.com, TechWeb, and its sponsors do not assume responsibility for any comments, claims, or opinions made by authors and bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.

More Blogs from Alan Reiter
Alan Reiter   8/27/2013   29 comments
Hacking the Internet of Things (IoT) is becoming much easier because of increasing numbers of "things" to hack. CIOs are facing a world where they potentially will have to keep track of ...
Alan Reiter   10/12/2012   34 comments
With its latest additions to the Kindle Fire lineup, Amazon is embracing the type of hardware-as-a-service ecosystem approach that its competitors are using to great effect.
Alan Reiter   9/18/2012   20 comments
The ramifications of the recent US verdict in the battle of Apple versus Samsung Electronics haven't even started. But the trial highlights the increasing uncertainty that CIOs face when ...
Alan Reiter   8/31/2012   56 comments
Research In Motion's (RIM) executives are on the road meeting with journalists, analysts, cellular operators, and major customers to promote the company's upcoming devices running the ...
Alan Reiter   8/27/2012   58 comments
Many writers and manufacturers say Windows 8 Pro tablets are for business and Windows RT (Runtime) tablets are for consumers. Although there's some merit to this pigeon-holing, pigeons can ...
Latest Archived Broadcast
We talk with Bernard Golden about accelerating application delivery in the cloud.
On-demand Video with Chat
Register for this video discussion to learn how tablets can provide true business usability and productivity.
E2 IT Migration Zones
IT Migration Zone - UK
Why PowerShell Is Important
Reduce the Windows 8 Footprint for VDI
Rethinking Storage Management
IT Migration Zone - FR
SQL Server : 240 To de mémoire flash pour votre data warehouse
Quand Office vient booster les revenus Cloud et Android de Microsoft
Windows Phone : Nokia veut davantage d'applications (et les utilisateurs aussi)
IT Migration Zone - DE
Cloud Computing: Warum Unternehmen trotz NSA auf die „private“ Wolke setzen sollten
Cloud Computing bleibt Wachstumsmarkt – Windows Azure ist Vorreiter
Like Us on Facebook
Twitter Feed
Enterprise Efficiency Twitter Feed
Site Moderators Wanted
Enterprise Efficiency is looking for engaged readers to moderate the message boards on this site. Engage in high-IQ conversations with IT industry leaders; earn kudos and perks. Interested? E-mail:
moderators@enterpriseefficiency.com
Dell's Efficiency Modeling Tool
The major problem facing the CIO is how to measure the effectiveness of the IT department. Learn how Dell’s Efficiency Modeling Tool gives the CIO two clear, powerful numbers: Efficiency Quotient and Impact Quotient. These numbers can be transforma¬tive not only to the department, but to the entire enterprise.

Read the full report
The State of Enterprise Efficiency in the Virtual Era: Virtualization – Smart Approaches to Maximize Gains
Virtualization is a presence in nearly all enterprise data centers. But not all companies are using it to its best effect. Learn the common characteristics of success, what barriers companies face, and how to get the most from your efforts.

Read the full report
Informed CIO: Dollars & Sense: Virtual Desktop Infrastructure
Cut through the VDI hype and get the full picture -- including ROI and the impact on your Data Center -- to make an informed decision about your virtual desktop infrastructure deployments.

Read the full report
SPONSORED BY DELL
CASE STUDIES
EBOOKS
PUBLIC SECTOR RESOURCES
VIDEOS
WHITE PAPERS
WINDOWS SERVER 2012 RESOURCES
A Video Case Study – Translational Genomics Research Institute
e2 Video


On the Case
TGen IT: Where We're Going Next

7|11|12   |   08:12   |   10 comments


Now that TGen has broken new ground in genomic research by using Dell's storage, cloud, and high-performance computing solutions, the company discusses what will come next for it and for personalized medicine.
On the Case
Better Care Through Better Communications

6|6|12   |   02:24   |   11 comments


The achievements of the TGen/Dell project could improve how all people receive healthcare, because they are creating ways to improve end-to-end communication of medical data.
On the Case
TGen IT: Where We Are Now

5|15|12   |   06:58   |   6 comments


TGen is breaking new ground in genomic research by using Dell's storage, cloud, and high-performance computing solutions.
On the Case
TGen IT: Where We Were

4|27|12   |   06:45   |   10 comments


The Translational Genomics Research Institute wanted to save lives, but its efforts were hobbled by immense computing challenges related to collecting, processing, sharing, and storing enormous amounts of data.
On the Case
1,200% Faster

4|18|12   |   02:27   |   12 comments


Through their partnership, Dell and TGen have increased the speed of TGen’s medical research by 1,200 percent.
On the Case
IT May Improve Children's Chances of Survival

4|17|12   |   02:12   |   8 comments


IT is helping medical researchers reach breakthroughs in a way and pace never seen before.
On the Case
Medical Advances in the Cloud

4|10|12   |   1:25   |   5 comments


TGen and Dell are pushing the boundaries of computing, and harnessing the power of the cloud to improve healthcare.
On the Case
TGen: Living the Mission

4|9|12   |   2:25   |   3 comments


TGen's CIO puts the organizational mission at the heart of everything the IT staff does.
On the Case
TGen Speeding Up Biomedical Research to Save More Lives

4|5|12   |   1:59   |   6 comments


The Translational Genomics Research Institute is revamping its computing to improve speed, storage, and collaboration – and, most importantly, to save lives.
On the Case
Computing Power Helping to Save Children's Lives

3|28|12   |   2:13   |   3 comments


The Translational Genomics Institute’s partnership with Dell is enabling them to treat kids with neuroblastoma more quickly and save more lives.
Tom Nolle
The Big Reason to Use Office

3|18|14   |   02:24   |   46 comments


Office and personal productivity tools come in a first-class and coach flavor set, but what makes the difference is primarily little things that most users won't encounter. What's the big issue in using something other than Office, and can you get around it?
E2 Editors
SPONSORED: Mobile Security — A Use Case

3|4|14   |   04:27   |   16 comments


New mobile security solutions can accommodate a wide array of needs, including those of a complex university environment.
Tom Nolle
Killing Net Neutrality Might Save You Money

1|16|14   |   2:13   |   16 comments


The DC Court of Appeals voided most of the Neutrality Order, and whatever it might mean for the Internet overall, it might mean better and cheaper Internet VPNs for businesses.
Tom Nolle
The Internet of Everythinguseful

1|10|14   |   2:18   |   19 comments


We really don't want an "Internet of Everything" but even building an Internet of Everythinguseful means setting some ground rules to insure there's value in the process and that costs and risks are minimized.
Tom Nolle
Maturing Google Chrome

12|30|13   |   2.18   |   25 comments


Google's Chrome OS has a lot of potential value and a lot of recent press, but it still needs something to make it more than a thin client. It needs cloud integration, it needs extended APIs via web services, and it needs to suck it up and support a hard drive.
Sara Peters
No More Cookie-Cutter IT

12|23|13   |   03.58   |   21 comments


Creating the right combination of technology, people, and processes for your IT organization is a lot like baking Christmas cookies.
Sara Peters
Smart Wigs Not a Smart Idea

12|5|13   |   3:01   |   46 comments


Sony is seeking a patent for wigs that contain computing devices.
Tom Nolle
Cloud in the Wild

12|4|13   |   02:23   |   15 comments


On a recent African trip I saw examples of the value of the cloud in developing nations, for educational and community development programs. We could build on this, but not only in developing economies, because these same programs are often under-supported even in first-world countries.
E2 Editors
SPONSORED: Is Malware Evading Your IPS?

11|18|13   |   03:16   |   4 comments


Intrusion prevention software is supposed to detect and block malware intrusions, but clever malware authors can evade your IPS in these five main ways.
Sara Peters
Where Have All the Mentors Gone?

9|27|13   |   3:15   |   38 comments


A good professional mentor can change your life for the better... but where do you find one?
Tom Nolle
SDN Wars & You Could Win

9|17|13   |   2:10   |   5 comments


VMware's debate with Cisco on SDN might finally create a fusion between an SDN view that's all about software and another that's all about network equipment. That would be good for every enterprise considering the cloud and SDN.
Ivan Schneider
The Future of the Smart Watch

9|12|13   |   3:19   |   39 comments


Wearing a bulky, oversized watch is good training for the next phase in wristwatches: the Internet-enabled, connected watch. Why the smartphone-tethered connected watch makes sense, plus Ivan demos an entirely new concept for the "smart watch."
Tom Nolle
Cutting Your Cloud Storage Costs

9|4|13   |   2:06   |   3 comments


Cloud storage costs are determined primarily by the rate at which files are changed and the possibility of concurrent access/update. If you can structure your storage use to optimize these factors you can cut costs, perhaps to zero.
Sara Peters
Do CIOs Need an IT Background?

8|29|13   |   2:11   |   23 comments


Most of the CIOs interviewed in the How to Become a CIO series did not start their careers as IT professionals. So is an IT background essential?
Ivan Schneider
The Internet Loves Birthdays

8|27|13   |   3:25   |   69 comments


The Internet has evolved into a machine for drumming up a chorus of "Happy Birthday" messages, from family, friends, friends of friends who you added on Facebook, random people that you circled on G+, and increasingly, automated bots. Enough already.