This employer’s taken the concept of online background checks to a new level.

Candidates applying for jobs with the city of Bozeman, Montana, are asked to list “any and all” Web sites, chat rooms and social networking groups they use (“including but not limited to Facebook, Google, Yahoo, YouTube.com, MySpace, etc.”) — along with their usernames and passwords.

Many hiring managers Google applicants’ names or look for them on Facebook, but actually logging in to their personal profiles is something new entirely.

Why does Bozeman want that access? According to city attorney Greg Sullivan, it’s “to make sure the people that we hire have the highest moral character and are a good fit for the city,” The Consumerist reports.

Sullivan also said the city doesn’t look at “the things that the federal Constitution lists as protected things” (whatever that means).

The story drew a lot of attention and outcry from the media, potential Bozeman employees and HR pros. That’s not surprising, considering there’s a debate going on about whether hiring managers should even look at candidates’ profiles, let alone obtain log-in information.

Apparently all the press got the city rethinking that part of the application. In a recent press release, Bozeman announced it will “suspend its practice of reviewing candidates’ password protected internet information until the City conducts a more comprehensive evaluation of the practice.”

What do you think? Did the public overreact to Bozeman’s hiring practice, or was the negative response justified?

Should social networking profiles play any role in the background check process at all?

Let us know what you think in the comments section below.

HR is a goldmine for confidential personal information that’s often the target of identity thieves. Anyone working in the HR department needs to be careful about keeping that data safe. The first step: secure passwords.

Some tips for passwords that are tough for hackers to break:

1. Use at least 8 characters, with a mix numbers and upper and lowercase letters. When a password’s only made  up of five letters, there are 11.9 million possible combinations. Sound pretty safe? Not when you consider that a password with eight mixed characters has 899.2 trillion possibilities.
2. Come up with nonsense. Many people create passwords out of actual words or phrases, because they’re easy to remember. But those are also easier for hackers to find out.
3. Change it up. Everyone in the HR department should come up with a new password once a month. One tip: Load monthly reminders on your and staffers’ computers.
4. Log off. The best password in the world doesn’t do any good if the user stays logged in constantly. When working with sensitive information, it’s important to log when stepping away even briefly. Otherwise, any passer-by should find a screen full of valuable info.

A recent survey asked IT employees that question. The result: 88% would take sensitive company information with them on the way out, according to the polls by security solutions provider Cyber-Ark.

The most targeted types of information are passwords, financial reports, customer databases and R & D plans.

Passwords rank as the most coveted piece of information. A third of the devious staffers said they’d take password lists out the door with them. If unchanged, those passwords could give ex-employees access to any information in the company’s network.

Cyber-Ark’s advice: Change passwords routinely and have IT departments give access rights only to the employees who need them.