BIOS-level passwords can be defeated by resetting the BIOS, but a second level of security can still keep your files safe.
Plus: Using encrypted data with 7-Zip, KVM switch weirdness, and curing a “User profile cannot be loaded” failure.
Defeating BIOS-level, pre-boot passwords
After reading the May 14 Top Story, “Better data and boot security for Windows PCs,” reader Frederick Barrow wrote this:
- “Fred: As I recall, you addressed BIOS-level passwords years ago. And at that time, I implemented one. But one day, the techie at my local PC shop said he could defeat the password by removing the on-board battery. I assume that removing the battery would reset the BIOS to default settings — sans passwords. Was he correct?
Yes, most BIOS-controlled passwords can be bypassed by resetting the BIOS. That’s why I discussed a second type of password security in that article. Used together, the two methods are far better than either one alone.
(Note: For this story, BIOS is shorthand for both classic BIOSes and the newer Unified Extensible Firmware Interface [UEFI] system-boot firmware. UEFI PCs can be more resistant to tampering, depending on system design.)
Here are the potential issues with BIOS-based passwords.