Facebook Agrees: Employers Should Definitely Not Be Asking For Your Passwords

We weren’t the only ones shocked to find out that employers have been asking job applicants or in some cases, actual workers, for the passwords to their Facebook, Twitter and other social media accounts. Facebook has issued a statement addressing that practice, calling it “alarming.”

In a post this morning on Facebook’s blog called “Protecting Your Passwords and Your Privacy,” Erin Egan, Chief Privacy Officer, Policy bashes the practice of employers or anyone else putting pressure on users to gain access to their Facebook accounts. That’s not the point of Facebook, says the company, and undermines the expectation of privacy.

The most alarming of these practices is the reported incidences of employers asking prospective or actual employees to reveal their passwords. If you are a Facebook user, you should never have to share your password, let anyone access your account, or do anything that might jeopardize the security of your account or violate the privacy of your friends. We have worked really hard at Facebook to give you the tools to control who sees your information.

As a user, you shouldn’t be forced to share your private information and communications just to get a job. And as the friend of a user, you shouldn’t have to worry that your private information or communications will be revealed to someone you don’t know and didn’t intend to share with just because that user is looking for a job. That’s why we’ve made it a violation of Facebook’s Statement of Rights and Responsibilities to share or solicit a Facebook password.

They go on to explain that not only do they think employers shouldn’t be asking for private info in the first place, because it’s wrong, but that it could even cause problems for them if they do gain access. They could end up being sued for discrimination over not hiring someone, perhaps because that person is a member of a protected group, like senior citizens, etc.

Facebook isn’t going to take this kind of privacy issue sitting down, they say, and will take action, whether “by engaging policymakers or, where appropriate, by initiating legal action, including by shutting down applications that abuse their privileges.”

Previously: Potential Employers Now Have The Nerve To Ask For Applicants’ Facebook Passwords

Protecting Your Passwords and Your Privacy [Facebook]


Edit Your Comment

  1. Chairman-Meow says:

    This whole thing reminds me of the days were everyone would ask for your SSN to verify who you were, writing checks, etc.

    Until, of course, the Govt put an end to it by declaring that your SSN is NOT an ID.

    • Loias supports harsher punishments against corporations says:

      It is when hiring you is concerned.

      • maxamus2 says:

        It is only so the employer can file your W4 form to the government.

        • Chairman-Meow says:

          Read it again.

          This used to happen all the time not too long ago. If you wanted to cash a check, people wanted your SSN. If you used a credit card in a store, they would ask for a SSN. Compaines were asking for SSNs all time for various reason that had nothing to do with taxes.

          • Nigerian prince looking for business partner says:

            When I was in the Army, we had to use our SSN for everything. We even had it spray painted on our duffel bags.

    • incident man stole my avatar says:

      tell that to car insurance companies… Geico is requiring me to submit it to them if I want to be reimbursed for medical treatment. I keep refusing and think we will end up in small claims court after all it was their dumbass driver that hit me.

      • rawrali says:

        This may be due to a new Medicare law which requires companies to query claimants to see if they are Medicare beneficiaries (and then report any settlements made to Medicare beneficiaries). To query a person, the company needs their full name, date of birth, gender, and SSN. However, there is a form that can be filled out in lieu of providing those pieces of information. If that is why they want your social, ask for the form instead of providing the information.

      • Baron Von Crogs says:

        So you’re going to go to court when they are trying to settle the matter because the federal government requires them to obtain this information?

    • theotherwhitemeet says:

      But yet you still need one to fill out an I9.

      • GoBobbyGo says:

        No, you don’t. There are any number of things you can use in place of a SS card on an I-9, including a passport and a birth certificate.

    • NewsMuncher says:

      I was asked for my SSN by a video rental store.

      In that case and every other where it’s not clearly necessary (many medical/military/federal situations), I asked “why do you need this?” and I’ve never been forced to provide it to receive services.

  2. AlteredBeast (blaming the OP one article at a time.) says:

    So…is it going to matter to a potential employeer if you say, “Hey! What you are asking is a violation of Facebook’s Statement of Rights and Responsibilities!”

    • TBGBoodler says:

      It should. They may not actually realize it, if they’re stupid enough to ask for the info in the first place.

      • AlteredBeast (blaming the OP one article at a time.) says:

        But then what would happen to them? Get thier Facebook account banned? O_o

    • SBR249 says:

      It may not matter that they are violating Facebook’s TOS but it does matter that they are violating the law. FB brings up a good point that people’s accounts often contain information such as age, marital status, religious affiliation, race, etc that employers are not allowed to ask about at interviews or to base their hiring decisions upon. IANAL, While I don’t think they violate the law if you voluntarily provide the information without asking, asking for access to your FB account may cross the line as there should be reasonable expectation that a FB profile would contain such info.

      So yeah, by asking for access, employers may open themselves to the possible of allegations of discrimination and litigation.

      • FatLynn says:

        To be clear, they are absolutely allowed to ask about these things. They are not allowed to base hiring decisions on them, but the questions themselves are not illegal.

        (Now, any reasonable employer will avoid the question, so that there is never an appearance of basing a hiring decision, but simply obtaining the info is okay)

    • Sneeje says:

      I like to think about it this way…. To employer: “So let me get this straight, you want me to commit a breach of ethics (violating an agreement between yourself and another entity), so you can assess whether or not I am person of sufficient ethics and behavior to work here?”

      • ARP says:

        I think this is your approach. “You want me to violate an agreement to determine what kind of moral character I have?”

        Unfortunately, the HR minion may not see the irony of that question, hide behind policy, and just say, “no password, no job.”

    • Jawaka says:

      Hey, if I break Facebook’s code of conduct then whats to keep you from assuming that I wouldn’t break yours?

  3. jrs45 says:

    By making it specifically and openly against the terms and conditions of Facebook, applicants have an excellent reason to turn down any such requests without repercussion.

  4. humphrmi says:

    Nice to see them taking a stand, although they have little control since the law that prohibits companies from violating the Facebook TOS is, according to federal agencies, “Not being enforced, even when violations are reported.”

    However, here is the position I would take if someone asked me for my Facebook password:

    “As an HR professional, I am sure you recognize that there are certain questions that you are prohibited from asking me in an interview. Those questions are asked and answered at the top of my Facebook profile. I’m sure that you realize that simply viewing those questions and answers can expose you and your company to potential liability. I hope that so far, I have demonstrated an interest in your company and it’s success. Therefore, only in the interest of said success, I would urge you to reconsider the question you just asked me, and I will now give you the opportunity to retract it.”

    • clippy2.0 says:

      Thats a bit blunt and condescending, while accurate, and don’t think that’s an appropriate response. A better method would be to ask why they want the login; once they respond, simply let them know that not only are you not comfortable with letting them use your facebook account, but they have other, legal avenues to gain access to such information, and that you feel more comfortable pursuing legal methods if they do indeed feel they need such information.

    • TheMansfieldMauler says:

      Those questions are asked and answered at the top of my Facebook profile.

      Many of those questions are asked and answered just by looking at you. Are they supposed to interview you with their eyes closed and using a computer-simulated voice filter also?

      • SBR249 says:

        While IANAL, but I believe you can provide such info freely as long as the employer do not specifically ask for it and hiring decisions are not based on it. Here, there’s a reasonable expectation that FB profiles could contain such information and therefore by asking for access to a FB account, it may cross the line.

      • Darsynia says:

        I didn’t know people who were homosexual had ‘I am gay’ tattooed on their foreheads. Huh, learn something new every day, I guess!

        • Jawaka says:

          People who are female, black, handicapped, a senior citizen, etc.. don’t need a tattoo.

          • Doubting thomas says:

            Female I will grant, although I know at least one person whose looks are androgynous enough that that they regularly get mistaken for a woman. Black is subjective a person who self identifies as African-American may have light enough skin for an employer not to be able to guess their racial identity. Not all handicapped people are in wheelchairs. There is no magical test to tell if someone is 54 or 55 just by looking at them .

            • humphrmi says:

              Doesn’t matter anyway. Original Commenter (TheMansfieldMauler) was being specious. Marital status, number of children (not neccessarily dependants), religious beliefs, all out of bounds for HR to ask.

            • Velvet Jones says:

              Both my wife and I fit that bill. We’re both in our mid 40s, I look like I’m in my mid-30s at most, she can still pass for 30 easily. When people find out her actual age they’re shocked. She does not put her age on Facebook, but I can see this being an issue for people who do. This is a back door way for companies to gleam information that is normally off limits and should be prohibited at the Federal level.

      • humphrmi says:

        Many, not all. It only takes one protected class question to be in non-compliance. Close doesn’t count.

    • FatLynn says:

      It is NOT illegal to ask for someone’s age, marital status, etc. It is illegal to base a hiring decision on this information, but simply obtaining the information is okay.

      (state law may vary)

  5. Tim says:

    Facebook should add something to it’s TOS along the lines of “You may not allow anyone other than yourself to access your account” or “You may not access an account that is not yours.” Then, if the employer asks for your information, you can just say that it’s a violation of the TOS.

  6. the Persistent Sound of Sensationalism says:

    Thankfully this is not a concern for me at my job. But if I’m ever unemployed for any length of time, I don’t care how hard-up I am for a job, I will never, ever compromise the security of my friends, our conversations or anything else for a paycheck. In fact, I’ll walk right out of an interview and immediately hire an attorney I cannot afford and take the business to court so no one else has to be subjected to this type personal intrusion.

    • tbax929 says:

      Seconded. I would rather be unemployed than work for a company with so little value for my rights when I’m on my personal time.

      My company (whic has confidential information) has rules about what you can post if you identify yourself as one of its employees. We can’t go on Facebook and trash the company or, obviously, disclose anything about our clients. It’s a simple policy; I just don’t list them as my employer. I also don’t go on Facebook to talk about work-related stuff. That seems fair to me. The day they ask me for my Facebook password, I’m out!

      • the Persistent Sound of Sensationalism says:

        The company I work for allows us to list them as our employer, but we are not allowed to speak for the company without explicit permission, and generally, in that case they want access to monitor just what your are saying as a representative. No one, as far as I know, has asked to speak on behalf of the company. As we’ve all seen on failbook, talking trash about any company or misrepresenting them can get you canned. Eventually that kind of thing will come back to kick you in the ass.

    • HogwartsProfessor says:

      Me too, only without the lawyer. But I would go on the intertubes and say “Hey, X Company asked me for my Facebook password! Heads up, applicants!”

      They can’t get me in trouble for saying something that is true.

  7. bluline says:

    So employers just ask you to log on to FB in their presence instead. Or they demand that you “friend” someone within the company. Either one, I think, might be illegal since doing so gives the employer access to information they can’t legally seek through an interview (marital status, pregnancy, children, religion, etc.).

    • u1itn0w2day says:

      Yup, those hr types will be over your shoulder surfing/checking you out.

      I think facebook’s response is the first thing facebook related I agree with.

    • dolemite says:

      Obviously, this needs legal protection. Being forced into private accounts against your will by a 3rd party needs to be illegal. Whether it is a checking account, Facebook or what have you.

  8. newsbunny says:

    I read something interesting a few months ago (and I’ll have to dig for it) that made the argument that the car companies did very little to to make their cars safer — think seat belts — until regulation stepped in. The article went on to say we may on the cliff of regulation being needed to ensure digital privacy.

    Because this is totally fucked up. NO you may not have my non-work related passwords.

  9. az123 says:

    This is one time I actually want to see a company, or with luck a group of companies lead by Facebook, get the government to pass laws the specifically outlaw this practice. Right now there are aspects of it that make it potentially illegal, though not 100% clear or easy to prove…. What’s next, they want to have you log onto your Amazon account to see what books you read, or your Netflix to see what movies you watch… There really is no end once it starts, access to your personal email account???

    This needs to be nipped in the bud now! I would be nice if consumerist would help lead an effort to press the federal government to take action regarding this

    • bhr says:

      Let’s get rid of pre-employment credit checks first. Just because someone had credit problems three years ago and wound up in collections doesn’t make them any less qualified to work for you.

      • conquestofbread says:

        I agree, in most cases credit checks shouldn’t be run.

        I think credit checks are OK for professionals who manage other people’s money, though. I wouldn’t want to hire a CPA who didn’t know how to manage their own finances.

        • sqlrob says:

          So a CPA shouldn’t be allowed to have had major medical problems in the past that forced a bankruptcy?

          • HogwartsProfessor says:

            I don’t think conquestofbread meant that. I read it as being irresponsible. Everyone knows medical debt can bankrupt people with perfect credit. I would still probably give that person consideration if they were working hard to get their finances back together after such an incident.

            If they’d filed several times and all I saw was credit card stuff and a new car every year and a bunch of default crap, then yeah, I might think twice.

        • Doubting thomas says:

          My wife is a CPA, her personal credit is exemplary, however she married me whose credit history is below average. The day she married me her credit score dropped significantly and mine rose. In the 8 years we have been married both our scores have continued to rise 100% due to her magnificent handling of our finances. But if you ran a credit check on her 3 weeks after we got married her credit score would not reflect her true abilities with money.

  10. kobresia says:

    In light of the spate of employees casting their employers in a very bad light on FB recently, I can’t really blame them for asking. It’s inappropriate to ask for such things, but people post such incredibly stupid things on FB without any thought to who might be reading it or any thought to how they may be disparaging their employer or their employer’s customers, or worse yet, spilling the beans on company information that is sensitive.

    • HogwartsProfessor says:

      True that, but how is that different from pre-Internet gossiping to the wrong parties? A respectable company would have fired you for that anyway.

      This not only puts your information in their prying little hands, but that of your friends and family, who did NOT consent to it. And they’re talking about applicants, not people who are already employed by the companies who are asking for this.

  11. StatusfriedCrustomer says:

    Maybe Facebook should create a “prospective employer” status: If you assign someone this status, then it enables them to look at certain information about you but not the personal statistics.

    • r-nice says:

      Yo, no.

    • The Twilight Clone says:

      Or maybe employers should just stay the fuck away from prospective employees’ Facebook data. Period.

    • HogwartsProfessor says:

      NO. What I do on my own time is my goddamn business. And the friends and family I friended on my page did not give THEIR permission for this asshat to look at their posts. NO NO NO NO.

  12. maxamus2 says:

    Yeah, cause Facebook should be the only one to determine what to do with your information, how they want to sell it or market it.

  13. chizu says:

    “We have worked really hard at Facebook to give you the tools to control who sees your information.”

    Thanks for the good laugh. I really needed it this morning.

    • Doubting thomas says:

      Facebook has certainly done exactly that. The tools are all there that allow you to restrict each and every bit of information to exactly who you want to share it with. After doing so they completely slacked at telling you where those tools were and how to access/use them.

  14. maxamus2 says:

    Maybe this is one big test by the employer. They ask for your password and those that freely give it the employer says “how can I hire someone that knowingly violates the TOS of a website, how do I know you will keep our companies secrets secret?”

    • HogwartsProfessor says:

      I’d rather believe that than believe they are really, truly using my personal Facebook posts and those of mah peeps (which I am not responsible for) to screen my ass.

  15. dolemite says:

    A few campaign contributions to Congress should clear all of this up. “New bill..says Americans have no expectation of privacy at any time from anyone (especially their employers or the government). If ordered to provide any information by your employer or potential employer or ANY governmental employee, you must comply.”

  16. inputhike says:

    You know what I’d like to see? Facebook shutting down the accounts of corporations who engage in this. Maybe shutting down the accounts of their executives or other employees making these requests as well.

  17. Emily says:

    Good for Facebook.

  18. Jawaka says:

    It really doesn’t matter. They can still tell you to friend a human resources personnel from the company that you’re applying to to give them access to all the information that they likely need. Is Facebook going to then state that it’s against their terms to friend someone?

    • HogwartsProfessor says:

      I can still say no. I don’t want to work for a company that spies on my outside activities, especially if I’m not in law enforcement or any field that requires security clearance.

  19. catastrophegirl chooses not to fly says:

    should my employer ever ask that of me, my response would be “the job i do for you involves handling and protecting sensitve and legally protected [HIPAA] information – and you want me to give up a password to ANYTHING? this must be a test to see how secure i keep information for you. well, i won’t give you the passwords to anything, so i must pass the test, right?”

  20. ScandalMgr says:

    While asking for FB access results in potential liability for EEOC violations, does anybody here use LinkedIn?

    Prospective employers: you are welcome to look at all my profile information, networking friends, and professional society forums posts all you want, because that IS work and performance related.

  21. brinks says:

    And then Ms. Egan added, “Because here at Facebook, WE are the only ones who are allowed to compromise the security of your personal information.”

  22. The Twilight Clone says:

    Still very soft; they’re treading lightly. I was hoping for a much more forceful repudiation of this practice. Then again, Facebook has demonstrated a troubling pattern of dancing around privacy concerns.

    The wording here is extremely cautious and calculated: “…you should never HAVE TO share your password…” Those two words — “have to” — were so obviously inserted by lawyers. Remove those words from that statement and you’re left with a far less ambiguous and squishy position.

    Was this statement made simply to appease users? Does Facebook *really* discourage this? Or do they enjoy their status as the de factor warehouse of private, personal data? Are they thinking, “Hey guys, try to play nice. But if you do want to access someone’s data, we got the goods.”

    A better statement would have been: “Facebook strongly condemns the practice of employers asking for passwords to our system. Not only is this a violation of our terms of service, it is a possibly illegal activity and we will prosecute offenders to the maximum extent of the law.” But that would be a fantasy.

    Sorry Facebook. Try again.

  23. conquestofbread says:

    You can’t accurately get the answers to the questions of race/ethnicity, marital status, gender, or age simply by looking at someone, at least not in all cases.

    Age and marital status being the least obvious and hardest to guess with any accuracy, but available at the top of a Facebook profile.

    Also have known transgender individuals who most people would never know they weren’t born the gender they present. Logging into Facebook, someone may discover through “likes” or associations and decide not to hire someone.

  24. Straspey says:

    This is about money and leverage – for Facebook and the employers.

    Facebook is a multi-billion-dollar business, and will take immediate steps to fend off any actions by other parties which could impact negatively in its brand.

    Faced with the specter of having to show their Facebook page to prospective employers, certain young professionals might be inclined to think twice and perhaps even reduce the amount of time and activity they spend on Facebook.

    Less time on Facebook means less people viewing the ads and links — which translates into less revenue.

    OTOH — The large majority of companies (except maybe those in law and medicine) have their own Facebook pages, where they invite people to follow and “like” them. Imagine the horribly-negative publicity arising from the announcement that Facebook has canceled, and taken down the page of, The Acme Widget Company due to its hiring policy of insisting all prospective employees provide unfettered access to their private Facebook pages.

    This will go away very quickly.

  25. Rod Rescueman says:

    But…but…but… Zuckerman even said himself people want to share everything and “No activity is too big or too small to share.‚Äù

    Disclaimer: I’M KIDDING!

  26. JiminyChristmas says:

    From a purely self-interested perspective I can see why Facebook would find this alarming.

    If I were already on the fence about Facebook because of privacy issues, the thought that my profile might be an issue at my job or while looking for a job would be more than enough incentive to massively purge or just delete the whole thing.

    If Facebook becomes a tool for conducting background checks on you, it’s not fun or social anymore, it’s a total liability.

    • Snip says:

      FB is already being used as a tool to conduct background checks, it’s just that some companies are becoming very obvious about it where they used to do it quietly.

  27. SPOON - now with Forkin attitude says:

    “expectation of privacy” hahahahaha

  28. TerpBE says:

    Facebook should give accounts a “panic room” password, so if it is entered instead of your regular one, it loads a scaled-down version of your facebook page that only includes the information you specified.

    • nishioka says:

      Right, because employers wouldn’t go “ok, now put in your REAL password and let me see the pictures and wall posts”. The better thing to do is just nip the problem in the bud. Employers have no business looking at your Facebook account. Period, end of story.

    • umbriago says:

      Or one that has you feeding the poor, ministering to the sick, fostering kittens, planting trees, and driving a car powered by roadkill you clean up yourself.

      Facebook’s becoming a real monster now, but as I repeatedly say, why anyone wants to freely post about their private lives on the internet is beyond me. Once the genie is out of the bottle it’s not getting back in.

  29. duncanblackthorne says:

    I have a simpler, faster solution to this problem: I don’t have a Facebook account, or any other “social networking” account. Do not want, do not need, not required to have, and my life is perfectly full and rich without any of it. I recommend everyone else do the same.

    • RayanneGraff says:

      I also have a simple solution to this problem that doesn’t require any personal limitations or tinfoil hattery- just stand up for your right to privacy. If someone asks you for info that’s none of their business, tell them NO.

    • Snip says:

      I also don’t have a FB account and I can’t help but wonder if these companies wouldn’t find that a reason to refuse hiring. They are obviously interested in people who have lives that can be monitored by them. Refusing the conditions to be monitored might be almost as bad as refusing to be monitored in their books.

  30. Tacojelly says:

    I’m glad facebook is standing up against this practice. This is egregious, and there is a special place in hell for these people that do this.

  31. Kate says:

    Cool, I did something good for the situation by sending in the tip (I think).

  32. quieterhue says:

    Really good point about how this doesn’t just violate your personal privacy, but also the privacy of your friends. People share a lot of personal information with their friends, information that random HR should not have access to.

    Still I think the onus is on the job applicant to stick to their guns and refuse access. If you want, offer to temporarily friend the interviewer to show them you have nothing to hide, but again that should be totally optional. If an employer insists on access, they suck at their job. There are plenty of ways to judge a person’s character besides snooping around their Facebook page.

  33. Insert nickname here. says:

    Hey, Facebook – and ONLY Facebook – has the legal right to that information. Of course they are going to protect it – this is how Facebook makes its money. At Facebook, YOU are the product!

  34. Press1forDialTone says:

    Facebok 2012 = the end of privacy as we know it.

  35. Press1forDialTone says:

    Facebook 2012 = the end of privacy as we know it.

  36. Alliance to Restore the Republic of the United States of America says:

    Facebook pros:

    1. Maybe kinda reconnect with people from my past.
    2. Pictures of kittens.

    Facebook cons:

    1. Maybe kinda reconnect with people from my past.
    2. Bombarded with friend requests from people I haven’t seen or talked to since high school.
    3. Inundated with petty news, gossip, pictures of ugly babies, trashy photos, evidence of how fat everyone now is, etc., from my shit small hometown.
    4. Every click tracked by nefarious data mining companies.
    5. Propositioned a few times a week by ostensibly hot young girls for “SeXXee chatz. Me love you long time.”
    6. DHS tracking every word I say. If I use the word “bomb” and “airport” and “jihad” in a sentence I’ll probably have my door kicked in and be forcibly introduced to government-sponsored sodomy and simulated drowning at Gitmo.
    7. My girlfriend picks a fight about all the females on my friends list about once a month, without fail.
    8. I have to spend time stripping out the GPS location, device type and other meta-data from the pictures I post before posting them.
    9. I’m treated like a terrorist/hacker or terrorist hacker every time I fat finger my password when logging in.
    10. The government agencies I work for now ask if I have a Facebook account when I switch jobs or come up for my periodic security clearance investigation.
    11. Everyone I know is getting fatter and I now have 20yrs of evidence to attest to that.

    Seems like an easy choice from where I sit.

  37. f5alcon says:

    they should just say that asking for it causes that user to be banned, how many hiring managers will willing get banned from facebook to hire somebody?