It’s called “your” password for a reason

A few months ago there were reports all over the news about companies demanding the Facebook passwords of prospective employees, and still today I find people talking about it. There are various opinions about this practice; some people are for it, and some people are against it. My position is this: you should NEVER give your Facebook password to any company, for any reason, ever. In fact, you should never give any of your passwords to any company, even if it’s the password to access your work computer. Huh? Let me explain.

Many people think of a password as simply a lock that prevents unauthorized access to a system or service. That is only one function of a password. A password not only protects a company’s assets; it also protects YOU. If you give your password to someone else and something bad happens, such as an accident or intentional malicious behavior, you could be held liable. For example, let’s say you’re doing great work at your job, upper management is starting to notice you, and your supervisor feels threatened. If your supervisor knows your desktop password because “it’s company property”, this gives him or her the ability to do things on the computer on your behalf. It looks like you did it. Besides, a supervisor wouldn’t need your password on a properly-configured computer.

In the case of Facebook, I shouldn’t have to tell you why it’s a bad idea to give your password to an employer or prospective employer. But I will.

First, if you do, you’re violating the Facebook Terms of Service (section 4, paragraph 8) and your account could be suspended.

8. You will not share your password (or in the case of developers, your secret key), let anyone else access your account, or do anything else that might jeopardize the security of your account.

Second, I must restate that a password is for your protection. If you give your password to someone else, and they do something bad, by mistake or on purpose, you could be embarrassed, inconvenienced, or even held liable for malicious behavior.

“If you set the precedent that your private life is open to inspection by your employer, everything is fair game.”

Third, and most importantly, precedent. If you give your Facebook password to an employer, you’re setting a very dangerous precedent for not just you, but for all of us. What’s next? The password to your home computer so they can dig through your files and internet history to see what you think and do? A key to your front door so they can walk into your house when they please so they can see what you do in your private life? If you set the precedent that your private life is open to inspection by your employer, everything is fair game. Would you invite your employer into your home to look through your personal photo albums, eavesdrop on your private conversations, and look through your address book to see who you call friends? Of course you wouldn’t; the very notion is absurd.

There are probably dozens of reasons why you should not give your Facebook password, or any other personal password, to your employer or prospective employer, but the three listed above should be more than enough for any reasonably sane person.

Protect yourself and do not give your passwords to your employer.