Helping people with computers... one answer at a time.
BIOS and boot menu passwords can help establish a certain level of security, but they're not a reliable way to protect your data.
As far as safeguarding access to your PC or laptop, won't entering a username or password in the boot menu protect others from getting into your PC at all?
By "boot menu" I'm going to assume you mean the menu that may be presented by your BIOS immediately after it performs its self-test, and before the operating system is loaded.
In short: with one exception, no.
To be fair, it makes things more difficult - sometimes quite difficult - but ultimately we have to return to something I've been saying for a long time:
If it's not physically secure, it's not secure.
Your computer's BIOS is the software that begins running the instant you turn your computer on, often even before your monitor has had a chance to warm up so you can see it. It produces that first text typically on a black screen:
That's the virtual BIOS sign-on from a Parallel's Virtual Machine, yours will look quite different, and will appear after you turn your computer on but before Windows starts.
While it's not commonly used, many BIOS's allow you to configure a password that's then required before the BIOS will proceed to actually boot your installed operating system.
That's actually fairly simply security and will help keep the less technically astute from booting your machine (or reconfiguring the BIOS) when you're not around.
Here's how I'd bypass it in order to access all your data:
I'd take the hard drive out of the machine and place it into a different machine as a second drive. Heck, I could even place it into a USB drive enclosure and access it as an external drive on whatever machine I choose.
Yep. It's that easy.
(As a side note, it's sometimes possible that a BIOS reset - typically accomplished by accessing a jumper on your motherboard if it can be done at all - may also remove any password, also nullifying any security the password may have afforded.)
And that's why I say, no, this is not a viable way to secure your computer's data if someone has physical access to your machine - either incidentally or by having stolen it.
The only way to truly protect the data on a hard drive is through encryption. There are several approaches; the one I happen to use and recommend is TrueCrypt which supports either container based encryption or whole-drive encryption.
So, what about that "one exception" I mentioned above?
It, too, is about encryption.
There are hard drives that can be configured to encrypt the data as its written to the drive. Without the corresponding password (or better, a longer pass phrase) - entered at boot time - the data is inaccessible, no mater where the drive is placed.
Unfortunately, encrypting drives isn't all that common although I suspect that will change over time.
It's possible that a BIOS password may be enough for your needs, but it's important to realize what it is and what it is not. If you're relying on it to protect the contents of your hard drive if your machine is lost or stolen, then you need to find a different solution.
Comments on this entry are closed.
If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.
If you don't find your answer, head out to http://askleo.com/ask to ask your question.