Reasons to use BIOS password

[It's Not Lupus]

I never added a password to the BIOS on any of my systems. I don't see a point other than setting it to prevent some prankster from setting it himself and locking me out of the BIOS (does it prevent an OS from loading?).

Do you have it set, and why?

 

[PliotronX]

At every company there is at least one "guy who knows enough to be dangerous." We'll call this one Chris for example. So say we have a deployment policy for mobile Windows computers to enable TPM and Bitlocker and Chris decides he wants to fiddle with the BIOS and messes with some settings and cannot boot any longer. Say this is a location two states away and has all kinds of engineering data that is needed for daily operations. Chris should be locked out of the BIOS. And kicked in the face.

 

[Cerb]

Dumb people that think they have a clue about computers will change BIOS settings and frustrate the **** out of you, wasting time on the phone, at the PC, and maybe driving. You won't even notice that was the problem at first, usually.

For a personal computer, there is no reason whatsoever. Usually, you can reset the PW if you can open the PC, so it's not like a major security wall.

 

[Gunbuster]

In a business setting you might want to secure the settings so for instance a user could not set it to boot from USB or DVD as that would allow them to change the local password or access data on the HDD directly.

But yeah you have to physically secure it otherwise one can just pull the HDD.

Wont even go into TPM or Bitlocker.

 

[It's Not Lupus]

Wont even go into TPM or Bitlocker.

i'm actually interested a bit.

 

[ultimatebob]

They probably don't want people changing the boot order of the system, so they can boot up something like an Ubuntu Live CD or a Windows password reset disk to bypass system security.

In other words, it's mostly pointless IT Nazi crap.

 

[mfenn]

They probably don't want people changing the boot order of the system, so they can boot up something like an Ubuntu Live CD or a Windows password reset disk to bypass system security.

In other words, it's mostly pointless IT Nazi crap.

You identified two legitimate reasons why someone would want to lock out the BIOS and then call it "pointless IT Nazi crap". How does that make sense?

 

[ultimatebob]

You identified two legitimate reasons why someone would want to lock out the BIOS and then call it "pointless IT Nazi crap". How does that make sense?

Because I hate IT Nazis. I'm smart enough to maintain my own computers, thanks.

 

[Gunbuster]

Because I hate IT Nazis. I'm smart enough to maintain my own computers, thanks.

Of course, because you know your way around a computer IT should throw all procedures for everyone out the window.

 

[mfenn]

Because I hate IT Nazis. I'm smart enough to maintain my own computers, thanks.

The thing is, it isn't your computer, it belongs to the company. It's set up in a way that allows you to do your job, but also allows the IT staff to manage the machines by the hundreds. Having machines vary from the standard becasue the user went in and "tweaked" stuff them just makes maintenance and upgrades take longer than they should.

If your company has a BYOD policy, then that's different, and you can do whatever you want to your machine. That's a two-way street of course: you don't get to ask for help on the machine either and are on your own for repairs.

 

[Morbus]

At every company there is at least one "guy who knows enough to be dangerous." We'll call this one Chris for example. So say we have a deployment policy for mobile Windows computers to enable TPM and Bitlocker and Chris decides he wants to fiddle with the BIOS and messes with some settings and cannot boot any longer. Say this is a location two states away and has all kinds of engineering data that is needed for daily operations. Chris should be locked out of the BIOS. And kicked in the face.

In all fairness, that's more an apology for a kick in the face than for a BIOS password.