Power-on password & fingerprint reader tamperproof?

[732]

Does anyone know how secure are the power-on password and power-on with fingerprint? If I set these on my laptop is it easy or rather hard for someone else to tamper with those? Is it true that only way to remove the password is to reprogram the ROM?

I'm thinkinking of ways to make my laptop more secure but if it's easy to remove then I wouldn't even bother.

[RonS]

If you set both the power-on and hard drive passwords, you will be very safe. They are the only passwords I use. I don't use client security in Windows, just the BIOS password protection.

From what I've heard, the only way to defeat the hard drive password (its set on the drive firmware itself) is to remove the platters in a clean room and transfer them to a non-password protected drive. That's beyond the capability of the common hacker. It's somewhat easier to defeat the motherboard password

An Intel engineer told me once that they did a test with the fingerprint scanner and that eventually they could find someone whose fingerprint would match to the Thinkpad's fingerprinted user. If you want to be really safe, you might consider using only the password feature and not the fingerprint.

[732]

Thank you for your reply. This is what I was hoping for. But how does using hard drive password enhance my protection if I'm already using power-on password? Just so they cannot use the HDD in another computer?

What to think about those people that offer password removal service?

for example:
http://cgi.ebay.com/IBM-LENOVO-Thinkpad ... dZViewItem

He says his method doesn't involve soldering.

[basketb]

The most important part of your Thinkpad (even if it is not the most expensive one) is the HD as it holds all your data. Everything else can be "easily" replaced. Your data only, if you have a backup somewhere else. But even then, you would not want anybody else get a hold of your personal and/or company data.

[richk]

The power on password and the fingerprint data can be cleared if you have access to the supervisor (BIOS) password so it is important that it be set also. The hard drive password is the most secure, and it is important not to choose a password that is easy to guess. Random collections of numbers or letters are good. Turning on passphrase helps. One piece of advice: I see a lot of machines that are so "secure" that the rightful owner has turned it into a brick.

[RonS]

Just to clarify, the hard drive password is set on the drive's firmware itself. For example, with a password set, if you remove the drive and try to use it somewhere else it won't boot up without the password. The data on the platters isn't encrypted, but the drive itself is password protected.

[andyP]

The power-on password is very weak. An hard drive password is quite strong for the reasons mentioned by other posters. If you want to be really safe you could get a hard drive with FDE capability, (Full Data Encryption). The hard drive password will encrypt your files on that drive.

[732]

How come the power-on password is weak? Can you please explain.

The reason why I'm asking all this is because a lot of times other people will be using my laptop but I want to be sure they bring it back. So I thought if I set up a power-on password which enables powering up just with user's fingerprint. The other users don't need to know the power-on password, as an administrator I can set up their fingers for booting and that would be enough for them. They can't sell the laptop or pass it to someone else who's fingerprints are not enrolled in the system.

I don't really care about the hard drive itself because it's a spare HDD and there's no precious data on it. I just want the notebook to be secure. Having HDD password doesn't really help because it's so easy to take the password protected HDD out and replace it with a new HDD. If the motherboard is protected, it would make it much harder to sell this laptop or remove the password.

[andyP]

How come the power-on password is weak? Can you please explain.

Not wanting to break forum rules, believe me

[Marin85]

I can confirm this. It´s also not so big problem to crack the BIOS password as well. So, as the others stated above, the most secure one remains the HD password.

[732]

I can confirm this. It´s also not so big problem to crack the BIOS password as well. So, as the others stated above, the most secure one remains the HD password.

As I mentioned in my previous post, to me HDD password is the least secure because it's just so easy to replace the HDD and sell the laptop with new HDD. But removing the power-on password would take more effort (including soldering?).

I agree the HDD password is the hardest to remove but not the most secure, at least not in my case.

[Marin85]

Depends on what your priorities are. If you are just concerned about stealing the laptop, then OK. But many people set such protection because they have sensitive data on their HDs or to protect their privacy. Both things are much more "expensive" than just a stolen laptop...

Just my 2 cents

Marin

[hart22]

For the OP:

If your main concern when citing the need for increased "security" is to protect the laptop from theft and resale you can also consider Computrace LoJack and StopTheft.

The former places a hidden program in your computer that transmits tracking data very frequently to the main server whenever you are connected to the internet. Upon theft of your machine they quickly attempt to coordinate with the local police to recover it, and if it isn't found they refund you the current market price of your machine (hardware only).

The latter places a large, quite noticeable, metallic seal bonded onto the lid of your laptop. Although replacing the lid assembly enables resale, most thieves are deterred from physical theft by it fairly effectively.

And for hard disk data privacy concerns it's hard to beat disks with Full Disk Encryption coupled with the advice given by previous members.

And for the most paranoid you can try a cable lock between your laptop and your leg.

[Marin85]

And for hard disk data privacy concerns it's hard to beat disks with Full Disk Encryption coupled with the advice given by previous members.

And for the most paranoid you can try a cable lock between your laptop and your leg.

...and best of all, to attach tiny piece of C4 with tiny detonator to your HD which will "react" to any unauthorized access attempt (it´s important to be tiny otherwise you may kill someone...)

[PhilD]

Below is a copy of a post i made in early january which was unfortunately lost (along with a lot of great replies) when the board switched to the new software. i am re-posting here in case the OP isn't aware of all the password options available on our wonderful ThinkPads:

Post subject: "Power on, Supervisor, Master and User HDD Passwords", 1/3/09:
Howdy,

i have a small collection of T6x and X61s thinkpads. i am posting this in the T6x forum because i want T6x specific replies (there appear to be subtle differences in password behavior on some of the older machines).

what i want: (1) prevent honest people from booting up my computer and (2) to prevent dishonest people from accessing the data on my hard drive (if my machines are lost/stolen).

as far as protecting my data, i am not willing to pay the performance hit associated with whole disk encryption software, so that's not an option. i am considering activating the hard disk password on some of these machines and want to make sure that i fully understand the consequences before doing so. this is where i encourage you to share your experience and help me do the right thing.

as best as i can gather from this forum, the password choices are as follows:

[1] power on password (POP) - prevents booting machine without password. password is easily removed through published methods.

[2] supervisor password (SP) - protects BIOS settings, may be recoverable but we won't go there. since it may be recoverable, one obviously should not set a hard drive password to the same value as a supervisor password.

[3] master+user HDD password - i think this option is for machines with multiple users and an IT guru. the user password would be set by/provided to the user(s) for normal use. if the user forgets it, the master password can still be used (by the IT guru ) to unlock the drive and remove the forgotten user password. for obvious reasons, one would not want to (knowingly) set the user and master passwords to the same value.

[4] user hdd password only - this option is most appropriate for single user machines where there is no need for a master password to override the user password (if you can't remember one, how are you gonna remember two?).


my plan is as follows: set POP (keeps the honest people out) and user HDD password (keep majority of thieves out). i will set these to two different values (in case POP is recoverable). i will not set supervisor password (i'm not worried about protecting BIOS settings) or use the master+user HDD password option (i am the only user).

did i get this right?

if i set the user HDD password, will i be able to remove it in the future?

if i put a second hard drive with user password set into the ultrabay, will the machine unlock it too?

is there any other purpose to setting a master password (other than listed in #3 above)?

is there any consequence of turning on the BIOS "use passphrase" option (other than enabling longer / case sensitive passwords)?

what about the TPM? i am afraid of long boot times, what is the down side of keeping it turned off?


thanks very much for taking the time to read this, i will definitely appreciate hearing any of your comments.

phil

[JaneL]

Below is a copy of a post i made in early january which was unfortunately lost (along with a lot of great replies) when the board switched to the new software.

It had nothing to do with the new software upgrade. The thread was removed as many of the messages were straying into forbidden territory.

[PhilD]

oh, i didn't know that, i thought most of the replies in that thread were in accordance with forum policy. sorry for re-posting my original question.

Edit: feel free to delete my post above if you wish, no problem

[732]

I removed the BIOS battery and I tried to power on the laptop. I got a message which said CMOS default settings were loaded and the computer still asked for a pasword (I had POP, SVP and HDP enabled). It cleared the POP password but the computer still asks for supervisor password (which is good). I checked the bios and all the settings are cleared including POP password. SVP and HDP are still valid. So removing just the BIOS battery doesn't help on ThinkPads when you have SVP set.

Mods: Feel free to edit this post if you think it's needed.

[rkawakami]

Correct. Removing the CMOS battery is generally the factory-recommended way to remove the power-on password (POP) if there is either NO supervisor password (SVP; aka BIOS password) or it is known. Why? If there's a SVP present and the user does not know what it is, removing the CMOS battery will force the laptop into a situation where the date and time needs to be reset and the only way to do that is to access the BIOS. If you can't get into the BIOS, then the laptop will not continue booting. This effectively results in "bricking" the laptop.

Whether or not there are ways to get around the BIOS password, this site's rules stipulate that the members here don't go about publicly discussing the details or conjecturing on them. We do allow talking about the POP since it's already a published procedure by IBM.

[732]

It seems that it is not possible to remove the SVP on the T61 without soldering and reprogramming the ROM. So when you are using SVP you can feel pretty secure.

[Crunch]

Just FYI...yes, you can remove the password(s) in the BIOS by selecting change pw, then type in the current password, and then just hit Enter twice, leaving the new password fields empty. Your password is then removed.

[Marin85]

Just FYI...yes, you can remove the password(s) in the BIOS by selecting change pw, then type in the current password, and then just hit Enter twice, leaving the new password fields empty. Your password is then removed.

I believe he is already aware of that