Step 4: Managing the BIOS password

An unknown BIOS password can be a pesky obstacle to overcome. Find out the best methods for solving this problem in this step-by-step guide.

Once you've guessed, cracked or somehow reset your BIOS password, it's time to think about handling things differently

in the future. For starters, consider adding your own BIOS passwords yourself. I've always recommended at least protecting the BIOS configuration with a password. Sure, if it's easy to guess or accessible via a backdoor default, that can defeat the purpose. But, if anything, it can keep your non-technical users from going in and making configuration changes to their systems, locking you out and preventing administrative headaches down the road.

You could also consider adding power-on passwords to critical systems such as servers and laptops. It could be argued that every system is critical if it provides network access or contains sensitive information. (I haven't come across a computer that doesn't meet at least one of these criteria.) This could certainly add some administrative overhead, especially for remote users and servers stored in unmanaged offices or data centers that have to be rebooted occasionally. As I've shown here, adding BIOS passwords is not a foolproof measure, and they may just cause more trouble than they're worth, so proceed with caution. BIOS passwords do offer another layer of security that can buy you time or force an amateur hacker to give up. Bottom line, determine what's really at risk, how BIOS passwords would fit into your organization's culture and politics, and refer back to some alternate recommendations listed at the end of my laptop hacking guide.


BIOS password hacking

 Home: Introduction
 Step 1: Guess BIOS passwords yourself
 Step 2: Fiddle with the hardware
 Step 3: Crack them with software
 Step 4: Managing the BIOS password

ABOUT THE AUTHOR:
Kevin Beaver, CISSP, is an independent information security consultant, author and speaker with Atlanta-based Principle Logic LLC. He has more than 18 years of experience in IT and specializes in performing information security assessments. Beaver has written five books including Hacking For Dummies (Wiley), Hacking Wireless Networks For Dummies, (Wiley) and The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He can be reached at kbeaver@principlelogic.com.
Copyright 2006 TechTarget
This was first published in September 2008

Dig deeper on User passwords and network permissions

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchVirtualDesktop

SearchWindowsServer

SearchExchange

Close