Why to put a hard-drive password on your computers... or a great start to a brand new year

[kproche]

First day back at work after a lovely 10-day holiday, and I discover I've forgotten my Windows logon password, which I'd changed right before the holidays.

Less than ten minutes of research leads me to a very effective offline password editing utility; about an hour later (returning to the problem after dealing with some lab problems and after a bit of fussing to actually create the bootable CD) I've successfully cleared my forgotten password and can boot up my machine (and set a new password).

Fortunately, I remembered the hard disk password, or I'd have been out of luck, because the utility would not have had permission to read or write the security files.

So, campers, here is why this post is public: if you don't have a hard disk (BIOS) password set on your machine, *anyone* can use this same tool to hack your machine. It works with everything up through Vista, apparently (although it's a bit trickier there).

Here's a simple New Year's resolution: take the time to set the passwords on your hard drives.

Comments

[baronlaw.livejournal.com]

Glad you were able to break into your own computer at least.

[jbriggs.livejournal.com]

Only one problem. The one time I used one I forgot the hardware password and had to reformat the drive.

[lisa-marli.livejournal.com]

As a Pooh of Very Little Brain, I think I'll pass. The programs that need to be are already passworded and encrypted. So even if someone could get to the files, they still get nothing. The rest of it, well that will be a waste of their time. I just don't want to lose the data.

[nds-wolf.livejournal.com]

As a tech we have tools that we use to be able to access for many different things.
Mostly recovery cause rebuilding systems SUCK.

[buddykat.livejournal.com]

My company doesn't give us any admin privileges, so we're screwed. Happily, almost everything is stored on the server, so it's not a huge deal... just annoying when you can't update a simple plug-in that you NEED to be able to do parts of your job.

[howeird]

One should be able to clear the BIOS password by opening the case, setting the BIOS jumper to maintenance mode and setting the BIOS back to defaults.

I had the misfortune not long ago to lose a friend who was majorly paranoid about computer security, and at the request of his sister, I cracked his four computers and two PDAs - it was not fun, even with the cracker disk you mention. We had to send his Quicken file to Intuit to get it cracked. I'd advise anyone who locks down their machine(s) to compile a list of all passwords, put it in a sealed envelope and give it to a trusted relative or friend or at least let people know it's in your safe deposit box.

[nds-wolf.livejournal.com]

Amen.

[ravan.livejournal.com]

Ah, yes, BIOS passwords. One of the sales guys put one on his company laptop. Then he left the company. The other guy working with me thought we had a doorstop, because we couldn't reimage the machine. I cracked the case, pulled the CMOS battery, counted 20, put the battery back in, closed the case, and then reimaged the machine.

You can only make it more time consuming, and impossible for the "drive by" hacker, but if a person has physical access to your machine, they will be able to own it. Better to encrypt your "eyes only data".

Also, I second a "oh shit" envelope, even if you stuff it in a safe deposit box with your birth certificate and pink slip.

[kproche.livejournal.com]

Ah, but you see, it wasn't the *system* BIOS password but the *drive* password, which is stored in the drive hardware. Losing that turns the drive into a doorstop, according to most of the service engineers I know.

We actually now have instructions to not bother with the BIOS power-on password, just the drive passwords.

[mikeysmilinguy.livejournal.com]

"Fortunately, I remembered the hard disk password..."

Gah! I ready that as "Fortunately, I remembered the hard dick password.." and was thinking, "boy, if I forgot my password, I'd really be unhappy!" It must be late.