
March 26 2012

Passwords and interviews

One of last week's big stories was a new interview question: employers asking job candidates for their Facebook usernames and passwords so they could check on their social history. There was a not-so-surprising amount of commentary, and Facebook pointed out the obvious: giving out your password violates their license agreement, they're not happy, and they're backing legislation to make this practice illegal. (They've backed off on hints that they might take some employers to court.)

However, most of the commentary has missed the obvious point:

What the hell are these guys thinking?

Seriously: have you never heard of social engineering attacks? Have you never heard about attackers calling someone up, saying there's a problem with his computer and they'll need his password to fix it? Or any of a million variations on that theme? You don't have to read much about security to know that the biggest problem isn't obscure bugs in Internet Explorer, it's social engineering. Promise some technical support (possibly for a problem the victim doesn't know he has), or pay for a few drinks in a bar, and you're in. You've got the password, and whatever data lies behind that password. And even if the victim is a low-level employee without access to anything interesting, getting one password makes the next password infinitely easier to get. Sooner or later, there goes the product plan; there goes the HR database; there goes the customer list.

If a candidate proves that he'll give out his password in an interview, hasn't he proven that he'll give out his password in other situations? Hasn't he proven that he's fundamentally unreliable, fundamentally unable to keep secret information secret? On top of that, it sounds like the practice is particularly common in security-related jobs. Where are employers' brains?

I can see one, and only one, reason for asking for a password in an interview: as an underhanded way to weed out candidates who are unfit for any job requiring any serious responsibility. As soon as a candidate gives you the password, the interview's over, and "don't call us, we'll call you." But I'm not advocating that, either: it's just a bad practice. And if you're a job-seeker: I don't really care how badly you need the job, you don't need that kind of employer.


January 17 2010

Discrimination against older employees

Older employees feel that they are discriminated against in job interviews because of their age. Of the respondents in the 46-55 age group, fifteen percent feel discriminated against, compared with only one percent in the age groups below that. In the 55+ age group, as many as a quarter feel discriminated against.

Reposted from timedesk

April 19 2009

The struggle for the Employee Free Choice Act