BIOS Password Security

TL;DR

Your BIOS password might be easier to crack than you think. This guide shows how attackers find them and what simple steps you can take to make your system much more secure.

Understanding the Risk

The BIOS (Basic Input/Output System) is essential software that starts your computer. A BIOS password protects this, preventing unauthorized access. However, default passwords or weak passwords are common vulnerabilities. Attackers can bypass these using readily available tools and techniques.

Steps to Improve Your BIOS Password Security

1. Change the Default Password: This is the most important step! Many computers come with a pre-set password (often blank or ‘password’). Change this immediately.
   • Accessing the BIOS Setup: Restart your computer and press the key displayed during startup (usually Del, F2, F10, F12, or Esc). The exact key varies by manufacturer.
   • Locate Password Settings: Navigate to the ‘Security’ or ‘Password’ section within the BIOS setup.
   • Set a Strong Password: Choose a password that is at least 8 characters long and includes a mix of uppercase letters, lowercase letters, numbers, and symbols. Avoid using easily guessable information like your name, birthday, or common words.
2. Enable BIOS Security Features: Modern BIOS often include features to enhance security.
   • Boot Order Protection: Prevent booting from external devices (USB drives, CDs) without a password. This stops attackers from loading malicious operating systems.
   • Secure Boot: If your system supports it, enable Secure Boot. This verifies the integrity of the boot process and prevents unauthorized software from running.
3. Disable USB Boot (if possible): Attackers often use bootable USB drives to bypass operating system passwords.
   • In your BIOS settings, look for options related to USB booting or external device boot order. Disable these if you don’t regularly need to boot from USB.
4. Consider TPM (Trusted Platform Module): A TPM is a hardware chip that provides advanced security features.
   • If your motherboard has a TPM, enable it in the BIOS settings. This can be used for full disk encryption and other security measures.
5. Keep Your BIOS Updated: Manufacturers release updates to fix vulnerabilities and improve security.
   • Check your computer manufacturer’s website for BIOS updates specific to your model.
   • Follow the instructions carefully when updating the BIOS, as a failed update can render your system unusable. Typically this involves downloading an executable file and running it from within Windows or using a bootable USB drive.
6. Be Aware of Physical Access: The biggest risk to your BIOS password is someone with physical access to your computer.
   • Secure your computer physically to prevent unauthorized access.

Checking Boot Order (Example)

To check and modify the boot order, you’ll typically find options like these in your BIOS:

Boot Option Priorities:
1st Boot Device: Hard Drive
2nd Boot Device: CD/DVD Drive
3rd Boot Device: USB Drive

Ensure that the hard drive is set as the first boot device and disable or move USB drives to a lower priority if you don’t need them for booting.

Important Note

If you forget your BIOS password, resetting it can be difficult and may require contacting your computer manufacturer. Document your password securely!