[For_Iconoclasm]

I would answer that rhetorical question with no, HR departments have not have heard of social engineering attacks in computer security. Almost any company asking for a password will have a brain-dead HR department in charge of that policy; it's not like your fellow future programmers thought that one up.

[tokenizer]

I agree with you, but isn't this problem?

I mean, I'm not a fan of people not understanding a tool(service) they use, but if your job pertains to asking for passwords, then you should definitely need to understand the repercussions of such a request, at least on a social engineering level.

It's not even programming, it's privacy. If companies are going to continue to hire non-technologist that use technology especially in a specialized way like this, then they're going to continue to make common-sense mistakes like this.

[For_Iconoclasm]

Oh, it is absolutely a problem! But, having people not knowing what they're talking about has always been a problem. Nothing short of a strictly-enforced policy mandating that HR departments need to have decent knowledge in a certain area will change that.

Besides privacy, it could turn out that HR involved in other domains are broken relationships. If anybody has any examples, I'd love to hear them.