Why Facebook? Or--more specificially--why only Facebook? People have accounts on Facebook, Twitter, Google+, LinkedIn, Path, and others. They can call, chat, or video conference with Skype, or share location information on Foursquare. They can post pictures of confidential product plans on Pinterest.

If the goal is to monitor behavior to see who the employee is hanging out with, and what sorts of activities he engages in on his personal time, Facebook is just one of many, many potential outlets for that information. If an employee willingly surrenders his Facebook password to you, he could simply create an alternate Facebook profile where he shares the real dirt, or let the Facebook account stagnate while he resorts to other social media networks to share his personal life with those he actually wants to see it.

If the goal is to ensure that company data or sensitive information is not being leaked through social media, Facebook is just one vector. Granted, Facebook is the most popular and well-known, and it may be a good place to see if users are accidentally sharing information they shouldn't be. But, if an employee is intentionally trying to extract data from the company, there are plenty of other options you won't have access to with a Facebook password.

The practice is at least unethical, if not illegal. There is simply no valid reason for an employee to give you his or her Facebook credentials--or any other password for that matter.