A lot of comment, occasionally humorous, has been given to the job interview questions that companies use to gauge creativity, analysis, and other desirable qualities. Managers often read and adapt these as they look for the right qualities in new hires.
I have a new favorite:
What is your Facebook password?
To me, this is a trick question. The interview would be over long before they reached Facebook’s six-character minimum password length. That is because anyone who responds doesn’t understand the basics of computer security and cannot be trusted with their own data, private customer data, and therefore definitely not my company’s data.
However apparently I am in the minority on that. The Associated Press recently reported on how asking for Facebook passwords had become commonplace among both private and governmental employers. That led to a statement from Facebook requesting that companies cease doing so. That has led Senators Chuck Schumer and Richard Bluementhal to formally request that:
- The Department of Justice investigate whether the practice violates computer security laws.
- The EEOC investigate whether it permits employers to discover information that they otherwise would be prohibited from asking during an interview because of nondiscrimination laws.
But beyond that it is simply a terribly bad idea. Please follow my logic on this. Anybody willing to share their password when requested in a job interview is also lax enough to use the same password in many different places, including his work login. That person is also likely at some time or another in the future have an interview with another firm, possibly a competitor. Therefore that person is capable of carelessly giving access to your file servers to a competitor. If that thought doesn’t conjure the image of a job application heading for the shredder it should.
Moreover perhaps managers, in addition to thinking of clever questions to gauge creativity, analytic prowess and so forth, should come up with some questions to measure information security awareness. It clearly is a trait worth seeking.