"Stupid" is not a word I use lightly - at least not in professional writing. But a news story made the rounds this week on the web which can be described no other way.
Apparently, there are a few HR departments out there (including a few state agencies) which are asking employees and employment applicants to provide the passwords to their social networking profiles on Facebook or other social networks. The reason given is that this is both an inexpensive way to do a background check on a potential hiree, and a way to keep tabs on current employees' communication.
The public outcry about this focuses on employee privacy. It is a privacy violation, but that's not the biggest problem. The main issue here that any human resources manager who would think it's a good idea to log in to employees' or potential employees' private social networking files - then keep a log of those passwords - is setting his or her company up for a massive lawsuit and/or public relations disaster.
As Cindy Krischer Goodman points out on The Work/Life Balancing Act, by accessing private data employees might not normally share with an employer, the employer can make itself vulnerable to discrimination lawsuits.
On a more practical level, if someone's profile is hacked - even if it's by a phishing scammer - that person is going to automatically suspect anyone who has the password to his or her profile. Would you want your human resources office to be constantly on the defensive against accusations of hacking into people's Facebook accounts, for example, and spamming their entire contacts list (a common occurrence on the popular social networks)? Of course not.
For those who have not been in the corporate workforce in a while, no, employers do not typically want your passwords. Generally, there are policies that prohibit sharing of any passwords - even the ones used internally for company-owned software programs. No respectable employer who understands social media would require you to give your password to any of your private accounts.
Techdirt has an interesting discussion, asking whether asking for such passwords should be illegal. I'm not sure that's where the focus should be. I think as more people become aware of the dangers of such a practice, most employers will develop internal policies (if they haven't already) prohibiting such a practice.
Meanwhile, if you are asked by your employer or a potential employer to provide your password to any of your private (not company-related) profiles, what can you do? Here are some options.
1) If this is a potential employer, consider whether or not you actually want to work for someone who would require this from you? Maybe this is a good time to just say, "no" and walk away.
2) If you really need the job (or need to keep the job), consider setting up dummy profiles just for this purpose, and give those passwords to the employer. If you do this, make your "real" profiles visible only to your close friends and family while you are working there.