There are many new risks for our home and work computers and many ways to protect them from these risks. In this post, I will go through some thoughts on BIOS passwords and whether we should use them. If you are not familiar with what BIOS is, don’t worry, I will explain all you need to know about it in this post. I will also cover how to set up a BIOS password, how to remove it, and what to do if you forget what your BIOS password was.
What is BIOS
We will start off by explaining very briefly what BIOS is and what it does. In short, BIOS (Basic Input/Output System) is firmware that checks the functionality of the components when the computer is powered on. It also loads the bootloader, which initializes an operating system.
BIOS is stored in the non-volatile memory of the computer, known as ROM (Read Only Memory), which is memory that won’t get erased when the computer is powered off. You can’t store anything on the ROM, or it is very slow and hard to do. ROM is only meant for the firmware, in this case for the BIOS.
BIOS does a power-on self-test (POST). The POST tests all the parts of the chipset, which means components directly connected to the motherboard such as RAM, CPU, PIC and DMA controllers. It also tests mass memory devices (HDD, SSD, M.2), the GPU and other attached hardware components.
After checking that everything is working properly BIOS locates a drive that contains boot loader software. When all the devices with boot loader software (commonly only one storage drive with the operating system you use) are located, it tries to boot from the first one, or the one that has been selected as the primary boot device. You can change the boot priority settings from the BIOS.
When the bootstrapping is successful, meaning that the boot software on the boot device was readable, the computer boots up. Shortly, you will see your welcome or login screen for your users.
Why is my BIOS mainly blue?
You may wonder why BIOS backgrounds are usually blue. That is simply because the BIOS color attributes are 8-bit values. The lowest 4 bits are used for character colors and the highest 4 bits represent the background colors. The highest hexadecimal value of these 8 bits is black and the lowest is white.
To get the best contrast, the lowest and highest values are used. However, the white text appeared to be blinking with the black background and so the second highest value for the background is used, which happened to be blue. With a blue background, there isn’t this blinking text issue and that’s why the backgrounds are commonly blue.
New gaming computers that are made for overclocking and require a lot of BIOS settings might have a very different BIOS than “normal” computers.
Why would I need a BIOS password?
Now that you have basic knowledge of what BIOS is, we can go ahead and set up a BIOS password. With a BIOS password set, your computer will ask for a password before it boots up. This adds an extra layer of security to your computer. The reasons why it enhances your security are explained below.
First of all, anyone who tries to get access to your computer will need to guess your BIOS password and user’s password. This makes it a lot harder to break into your computer and browse through your work or personal documents. Remember to use different and hard-to-guess passwords, otherwise, the BIOS password might end up being just a waste of time.
Secondly, it will prevent other people from making changes to your BIOS settings and from changing the boot priority from your hard drive to a USB drive. Without it, an attacker can boot your computer from their USB stick, which has a working operating system on it.
USB bootable operating systems pose a threat to your files, since the attacker can just change the boot order in the BIOS to the USB drive and then run their own operating system on your computer. This allows them to browse your files if they aren’t encrypted. They can even just copy and paste them to another USB drive or external hard drive to steal the documents. They power off, remove the USB drive, and you won’t even notice anything happened.
Using your computer with BIOS password
You are able to use your computer just as before. You will just be prompted to type your BIOS password in the password field when powering on your computer. When you type the correct password and hit Enter, the boot process will continue. After the booting has finished, you are able to log in to your user account normally.
We all have work or personal documents or images we want or need to keep just for ourselves. To better secure your documents and other files and images, you can set up a BIOS password. It will be asked for every time your computer boots up or when you try to enter the BIOS settings, so as long as you shut down your computer properly before leaving it alone, the BIOS password helps you secure your computer.
Downsides of the BIOS password
As explained in the section on resetting the BIOS password, a reset isn’t very hard, so you might now think that a BIOS password is just a waste of time, or that it will only slow down the attacker. This is somewhat true, but it really depends on what kind of computer you have and how likely it is that an attacker gets longer physical access to it.
Since the BIOS password is resettable just by getting access to the CMOS jumper/battery, it is fairly easy to reset the password in desktop computers if the case opens easily. If the attacker is able to open the case, they can also just grab your hard drive and run.
However, if you are using a laptop, accessing the CMOS battery is a lot harder and more time-consuming. It also requires tools and might produce some noise depending on what kind of laptop you happen to have. When the laptop is opened, it is easy to reset it or again, just grab the hard disk drive. In most cases, the attacker would just steal the whole laptop.
How to set up a BIOS password
Okay, now that you know what the risks and the actual benefits are, you might feel like setting up a BIOS password for your computer. If you don’t, I understand, it isn’t that important for all of us. However, if you would like to set up a BIOS password, here is a simple tutorial on how to do it.
First, you need to access your BIOS. This is done by turning your computer off and turning it on again. While it’s booting, you will need to press a specific keyboard key to enter the BIOS. This key depends on the computer manufacturer, check from below what key you need to press. The key is also shown on the screen, but it might be visible for only a very short period of time.
I personally press the key multiple times until I see that I made it to the BIOS. Now that you are in the BIOS, you might notice that your mouse isn’t working. This depends a lot on the manufacturer. In the BIOS you usually need to navigate with the keyboard. Use the arrow keys to move and Enter to select. Usually, you can see what every key does from the BIOS itself. Sometimes you are able to use your mouse.
Navigate to the security tab and you should see at least these:
- User Password
- Administrator Password
User Password sets the password for booting the computer. This means that you need to enter the password before the computer can proceed with booting.
Administrator Password sets the password needed to access the BIOS again. This password is asked for when you try to access the BIOS.
You might want to set up both of these, depending on your needs. Be sure to remember them, since resetting these passwords isn’t as nice as setting them. Especially on laptops, it is a pain to reset the BIOS passwords.
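Whether these two passwords are set can also be read from a running Linux system, because SMBIOS reports them in its "Hardware Security" structure (type 24). The following is an added example, not part of the original post: it decodes that structure's status byte, assuming that the "power-on password" field corresponds to the User Password above and that the kernel exposes the structure at the sysfs path shown (otherwise it falls back to a constructed sample).

```python
from pathlib import Path

# SMBIOS type 24 "Hardware Security": 2-bit status codes.
STATUS = {0: "Disabled", 1: "Enabled", 2: "Not Implemented", 3: "Unknown"}
# Bit offset of each field inside the Hardware Security Settings byte.
FIELDS = {
    "power_on_password": 6,       # assumed to be the "User Password" above
    "keyboard_password": 4,
    "administrator_password": 2,  # the "Administrator Password" above
    "front_panel_reset": 0,
}
# Assumption: sysfs path provided by the Linux dmi-sysfs driver (root only).
SYSFS_RAW = Path("/sys/firmware/dmi/entries/24-0/raw")
# Constructed sample: type 24, length 5, handle 0x0025, settings 0b01_10_00_10.
SAMPLE = bytes([24, 5, 0x25, 0x00, 0b01100010])


def decode_type24(raw: bytes) -> dict:
    """Return the status string of each field in a raw type 24 structure."""
    if len(raw) < 5 or raw[0] != 24 or raw[1] < 5:
        raise ValueError("not an SMBIOS type 24 structure")
    settings = raw[4]  # byte 4 follows the 4-byte header (type, length, handle)
    return {name: STATUS[(settings >> shift) & 0b11]
            for name, shift in FIELDS.items()}


def findings(status: dict) -> list:
    """List what an audit should flag for the two passwords from the post."""
    labels = {"power_on_password": "User (boot) password",
              "administrator_password": "Administrator (setup) password"}
    out = []
    for field, label in labels.items():
        state = status[field]
        if state == "Disabled":
            out.append(f"{label} is not set")
        elif state != "Enabled":
            # Firmware may not report the real state; verify in BIOS setup.
            out.append(f"{label} state not reported ({state})")
    return out


if __name__ == "__main__":
    try:
        raw = SYSFS_RAW.read_bytes()
    except OSError:  # path missing or not readable: use the sample
        raw = SAMPLE
    for name, state in decode_type24(raw).items():
        print(f"{name}: {state}")
    for line in findings(decode_type24(raw)):
        print("FLAG:", line)
```

Firmware does not always fill this structure in accurately, so treat "Unknown" or "Not Implemented" as a prompt to check in BIOS setup rather than as proof either way.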
Resetting the BIOS password
Resetting the BIOS password is easy: just enter the BIOS as you did earlier and navigate to the security tab. Highlight the entry for the password you want to change or delete and hit Enter. You will be prompted to type the old password, and after that you have to create the new password. Then you are prompted to confirm the changes. Navigate to the save tab of the BIOS, hit “Save And Exit” and you are done. In case you can’t remember the password, read further.
Clear CMOS using a jumper
If you are using a desktop computer, you need to find a small CMOS jumper on your motherboard or the CMOS battery. When handling your motherboard, make sure you are grounded so you don’t damage it with static electricity.
The CMOS jumper and battery are usually fairly close to each other and easy to locate, just look for a small round battery with a 2-pin connector. The jumper probably has a text like CLEAR CMOS, CLEAR, CLR CMOS, PASSWORD or CLR PWD close to it.
Move the jumper to the “clear” position or remove the plastic piece from the jumper’s pins entirely. Refer to your motherboard manual for the right steps for your motherboard.
Now that you have cleared the CMOS, you need to turn your computer on and off again. When your computer is turned off again, you have to put the jumper in the position it was before or put back the plastic piece as it was.
Close the case, since we don’t need access to the motherboard anymore. The CMOS should be reset, as well as all the BIOS settings along with the BIOS password. You need to set up the settings and the BIOS password again.
Clear the CMOS by removing the CMOS battery
If you are using a laptop, there most probably isn’t a jumper to clear the CMOS. Some desktops won’t have the jumper either. Make sure that you have removed the main battery from the laptop, if possible. Remember to ground yourself as well to avoid damaging your motherboard.
Locate the CMOS battery. It is round and connected to the motherboard with a small and usually short cable. Unplug the CMOS battery’s 2-pin connector for a few minutes and plug it in again. Then turn your computer on, set up all the settings you need in your BIOS and then set up the new BIOS password.
Although it might seem not worth setting up a BIOS password, there are some cases where it might be very useful. If your computer and hard drive are physically secure, you can prevent your files from being browsed by co-workers, roommates or any other people who are just curious to find out what you have on your computer but are not willing to go further than that. If you happen to leave your computer unattended, in most cases it’s not secure.
In the end, all security begins with physical security. If you can’t protect your computer physically, it isn’t secure. You can only slow down or make it harder for the attacker, but usually, there is a way to get in.