I have a theory my Dad is a CIA Agent. There – I said it. If this post is not here tomorrow you’ll know why. Oh, and all your minds are going to be erased after reading this.

You see, I had a friend in Thailand whose Dad was a CIA agent growing up. He posed as an Accountant, even worked for an Oil company in Thailand, and his family, as far as they were concerned, thought he worked for the Oil company.

One day his Dad never came home from work. After some worry and searching, the family came to find out their Dad was not at work at all, but was actually captured in the Killing Fields of Cambodia over the Thailand border. This guy also lived in Houston where I grew up, and I actually got to hear the story from the Dad while there. The Dad has an entire story of using Urine for mosquito repellent, eventually escaping from a hole in the ground, and running naked through the jungle escaping over the border into Thailand. Pretty cool, if you ask me.

You see, my Dad growing up would often spend up to a month oversees. He would travel to countries such as Nigeria, Kuwait, Egypt, Syria, and we even lived in Indonesia for three years. It was while living in Indonesia that the Libya bombings took place. He was actually in Soviet Russia just down the street while the Coup was knocking on the Kremlin walls. He was there multiple times before that (we have in our possession a Soviet General’s uniform, among several coins, Soviet memorabilia, etc.).

Then, in the US, he was working for another “oil company” in Houston during the entire time the whole Enron scandal was going on. He later moved to Virginia, and lo and behold 9/11 happens while over there. Not to mention the company he was working for at the time happened to have its own accounting scandal. He’s now in Boston – I wonder what’s going to happen there.

My Dad never talked about work much growing up. He was somewhat muscular. Maybe it’s the whole “superhero dad” thing, but I think I am left with no other conclusion. My dad is in the …. wait, I seem to be forgetting what I was typing about.

Several places I have worked have implemented a security system of requiring employees to change their passwords frequently. The idea is simple. If your users change their passwords frequently, it is less likely someone might find their password and be able to get into the system. It makes a lot of sense when you think of it that way.

I tend to think the practice is counter-productive however. I personally have a couple passwords I like to use, can remember, that are very long, have multiple character-sets in them, numbers, letters, etc. However, at each company I have worked at I have come to realize I find myself using shorter and shorter passwords that I can remember and not forget, because I run out of the long ones I know and use regularly. I can almost guarantee no one will be able to break easily any of the long passwords I use. I cannot guarantee the ones I change frequently at the companies I work at won’t be cracked. I think it’s time companies like Microsoft rethink their frequent password-change strategy that they allow companies to deploy throughout the network. I think it encourages bad security.