Is a BIOS boot up password a good idea?

Discussion in 'other security issues & news' started by Devinco, Oct 7, 2004.

Thread Status:
Not open for further replies.
  1. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Hi All,

    Up to now, I've only used a password to get into the BIOS setup, so others wouldn't change BIOS settings without my knowledge.
    But reading how the Windows password can be bypassed using Linux boot disks and such, would it make sense to use the BIOS password on each boot?
    It could only then be bypassed by popping the CMOS battery and perhaps setting a motherboard jumper. That would then reset the password.
    But with a lockable case, that would be harder.
    On the surface, it seems like the BIOS bootup password would be more secure since no other software can run before it.

    What do you think?
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,773
    Location:
    Texas
    Devinco,

    A bios password is just another lock to keep less than criminal people out.
    If someone wants your data, they can get it.

    What do you think? :)
     
  3. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Hi ronjor,

    You are right, of course.
    A burglar would simply steal the whole computer. Then later with time, break the case lock and remove the HD or reset the BIOS password.
    I guess it would be marginally useful in a competitive workplace environment (with backstabbing employees).
    If you are the only user of the computer, then it is unecessary.

    Thanks!
     
  4. MikeBCda

    MikeBCda Registered Member

    Joined:
    Jan 5, 2004
    Posts:
    1,627
    Location:
    southern Ont. Canada
    At one time, several systems back, I used a BIOS password (only for BIOS setup, not for booting). But anytime I had to take it into the shop for service, I'd forget to tell them about that, which of course resulted in otherwise unnecessary additional phone calls back and forth. So I eventually just said the heck with it.
     
  5. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Hi Mike,

    I would still keep the BIOS setup password if you have little ones using the computer or if they have access to it so it won't be messed up by accident.
     
  6. MikeBCda

    MikeBCda Registered Member

    Joined:
    Jan 5, 2004
    Posts:
    1,627
    Location:
    southern Ont. Canada
    Good point, Devinco, thanks. But my youngest is now mid-20's and has her own computer at her place, the only time she touches mine is if she wants to check her Yahoo mail while I'm out walking the dog.

    And it's probably a safe bet that she doesn't even know the BIOS setup exists (I'm set up for "silent" POST), let alone how to get at it or use it.
     
  7. luv2bsecure

    luv2bsecure Infrequent Poster

    Joined:
    Feb 9, 2002
    Posts:
    713
    Hi Devinco!

    Your question is a good one. I think it all depends on the environment you are using the PC in and what "level" security you need. The security level is the most important thing you have to think about before you do anything. Simply, what do I need to protect, from who, and why? Once you know those answers, a security level can be determined. For me, I use the highest security level for Windows XP. That includes a BIOS password on startup - not just setup. In case someone is wondering what I mean by "highest security level for Windows," the answer is that the absolute highest security level for a PC includes running Linux.

    Bottom line: It all depends on what "security" means to you and what level "security" you need. If you would like more info on the levels of PC security - write me.

    John
     
  8. bizfanatic

    bizfanatic Registered Member

    Joined:
    Sep 15, 2004
    Posts:
    7
    Personally, I think the bios password is quite easy to hack. So, having it there or not does not make that much of a difference... to a pro hacker

    Guess its ok if you got really young kids around... but don ever forget the password though. Used to have a friend who forgot. Took us just a while before we managed to hack her pc.. ha...
     
  9. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Hi bizfanatic,

    Could you please send me a PM about the technique used?

    Thanks
     
Loading...
Thread Status:
Not open for further replies.