T61 security

[Liamo0o]

Im buying a T61p, I'm going to college next year, I'm concerned about theft. Do any of you have any recomendations or experiences with security mechanisms for notebooks? I will be purchasing an advanced mini dock as well

Thank you,
Liam

[RonS]

My only suggestion is that you enable both the system and hard drive passwords in the BIOS. Set the passwords the same, so that you can log on with a single password. If someone steals your system, s/he will be getting a brick. The motherboard and hard drive will be unusable without the password.

As for physical security, perhaps someone else can chime in...

[acasto]

For my T60p, I did all that RonS suggested above, as well store my /home directory in an encrypted partition, just in case they got around the hard drive password. I also did the thing where you can change out your POST image with one that has "Property of.... return for reward..." on it. With the BIOS passwords set, nobody could change that image, so every time it is turned on your name and contact info comes up, an obvious sign it's stolen. So, maybe once they realize it's a brick, or whoever they sell it to, may decide to cut their losses and try and return it for the reward. Just don't make the text so obvious that everybody sees it and someone gets the bright idea to steal it solely to return it for a reward.

I have found the above, plus never letting it out of your sight and carrying a handgun, provide adequate protection

[whizkid]

Do NOT set your passwords the same. It's not helpful.

You can set only the supervisor password, but that only appears if you try to enter the BIOS or change some hardware (like change some RAM). If the culprit never does that, the next owner will. So a power-on password that is short, even if not a good one, should scare most thieves.

Setting the supervisor password will also set the hard drive password, making it unreadable without that password. I've never heard of anyone getting around one of those passwords without extra hardware.

I once got around a supervisor password (that I set, and gave to someone with the computer, who lost it) by replacing the security chip on the motherboard, but I still have that bricked hard drive sitting here... taunting me.

You might also look at something like http://www.yellowtag.com/ which will make it very easy for someone to return it to you without even turning it on. (It's not just for pets.)

If there are times when your roommate might have guests, make sure your dock has a key. Take the key with you, and get a computer security cable.

Set your computer to require a password when it wakes up.

Use passwords that are of high quality. I like to make a sentence with a number in it that's easy to remember, like "I live in Griggs Hall room 923" would be "iliGHr923".

[commander]

What about fingerprints? It is possible to turn on the computer ONLY with the fingerprint?

I am using fingerprint in a log-in to the windows, but I can still write the password, so this is only "shorcut", where I couldn write my long password every time.

Is any noticeable performance drop, when you have encrypted all partition? I want to divide the HDD to 3 partitions - recovery/system+apps/data. When anybody steal the laptop, he can read the data partition. So I am thinking about encrypting. How It works, its decrypted in a boot-time, or when?

[whizkid]

If your hard drive has a password set, and it has a power-on password set, there is no way to read the drive, even if it is moved to another machine.

The only reason I would advise against that is if you think you might lose your password, in which case it is probably easier to either erase the drive and use it again, or to crack the encryption.

In any case, you'd have to find a good source that benchmarks drive encryption, but I'd think that with modern CPUs that the delay would be minimal.

[commander]

Ok, I found that in the CSS I can do only 2GB encrypted file.
So If I set power-on password and HDD password, it seems to be enaught ok? It is possible, to do this password by fingerprint? I have checked in CSS power-on fingerprint, but when I swipe the finger, even when I have HDD password the same, I have to write it after swiping as a power-on.

I don't understand the supervisor password - what is the difference between those and when it is required?

Thanks!

EDIT: From whatever reason, suddenly fingerprints works, so I can set both power on and HDD passwords via one fingerprint. Great!

But, I dont know why, before this, windows fingerprint login was automatically done if I fingerprint on start-up, but now I must swipe again during windows login.