Dealing with Passwords


Laptop systems have a level of integrated password security not found in most desktop systems. These passwords are separate and distinct from any passwords required by the operating system or other applications installed on the machine. This section examines the passwords specifically associated with laptop systems and their hard disks.

Password Types

Some laptop systems can have up to three passwords set on them. Two of these passwords are very secure, meaning that if they are lost, you have essentially no way to recover them, thus rendering the hard drive and/or motherboard completely nonfunctional.

Caution

These are not benign passwords that can easily be circumvented or reset. If you lose these passwords, short of some very specialized and expensive services (for which you will have to provide proof of ownership), you will not be able to use the motherboard or access the data on the hard disk, even if you move the drive to another system! In fact, both the motherboard and the hard disk will have to be replaced , and all your data will be lost. Clearly it is important to understand these passwords, because if you set them, the implications of losing or forgetting them are quite severe.


These three passwords are as follows :

  • Power-on password (POP) Protects the system from being powered on by an unauthorized user . The POP must be entered before an operating system will boot. The POP resides in the CMOS RAM on the motherboard. If it's lost, the POP can be cleared through a relatively simple procedure.

  • Hard disk password (HDP) Protects the information on your drive from access by an unauthorized user. If you set an HDP, others cannot access the data on your hard disk without knowing the password, even if the drive is installed in another system. The HDP resides on the hard disk, in an area inaccessible by the user and the system, and it cannot be accessed or reset if lost.

  • Supervisor password (SVP) Protects the information stored in the BIOS Setup. The SVP must be entered in order to get access to the BIOS Setup and make changes to configuration settings. The SVP is stored on the motherboard in a specialized type of memory and cannot be accessed or reset if lost.

If either the POP or HDP has been set, prompts for this password will appear on the screen whenever the system is powered on. The system will not continue until the respective password is entered. If only an SVP is set, it will also set the HDP to the same value, and yet no password prompt will appear during normal operation. Instead, the password prompt will appear only when the BIOS Setup is run.

Power-On Password (POP)

The power-on password is a feature available in many portable systems, and it's stored in the CMOS RAM. If it's lost, the POP can be erased in most systems by setting a password-clear jumper (located normally on the motherboard) or by removing the CMOS battery. You will normally find instructions for clearing the POP in the user manual or service manual for your specific system.

If a POP is set, you will be prompted (the prompt normally looks like an image of a padlock with a screen next to it) for the password at the following times:

  • During the POST (Power On Self Test) each time the system is turned on.

  • When the system returns to normal operation from suspend mode.

To set a power-on password, follow these steps:

  1. Run the BIOS Setup by pressing and holding the F1 key while turning on the computer.

  2. Select the Password icon and then the Power-On icon.

  3. Type in your desired password and then press Enter. You can use any combination of up to seven alphanumeric characters (AZ, 09). Letters are not case sensitive, meaning that upper- and lowercase letters are treated the same.

  4. Type in the password again to verify it. Then press Enter.

  5. Select Exit and then Restart.

To change a power-on password, follow these steps:

  1. Turn off the system, wait at least 5 seconds, and then turn it back on.

  2. When the POP prompt appears, type in the current password and then press the spacebar.

  3. Type in the new password and then press the spacebar. Remember to use no more than seven characters.

  4. Type in the new password again to verify it. Then press Enter.

To remove a power-on password, follow these steps:

  1. Turn off the system, wait at least 5 seconds, and then turn it back on.

  2. When the POP prompt appears, type in the current password, press the spacebar, and then press Enter.

To remove a power-on password that you have lost or forgotten, use one of the following two procedures.

First, if no Supervisor password (SVP) has been set, follow these steps:

  1. Turn off the system.

  2. Remove the main battery.

  3. Remove the backup (CMOS) battery. The CMOS battery is usually located under the keyboard or next to the memory modules in most systems. See the owner's or service manual to determine the exact location in a given system.

  4. Turn the system on and wait until the POST ends. After the POST ends, no password prompt should appear, indicating that the POP has been removed.

  5. Power the system off and then reinstall the backup (CMOS) and main batteries.

Second, if a Supervisor password (SVP) has been set and is known, follow these steps:

  1. Run the BIOS Setup by pressing and holding the F1 key while turning on the computer.

  2. At the password prompt, type in the Supervisor password and then press Enter. The BIOS Setup screen should appear.

  3. Select the Password icon and then the Power-On icon.

  4. Type in the Supervisor password, press the spacebar, press Enter, and then press Enter again.

  5. Select Exit and then Restart.

Hard Disk Password (HDP)

A hard disk password provides a great deal of additional security for your data over the existing power-on password. Even if you set a POP, somebody could still remove the hard drive from your system and then install the drive into another system where he or she could access your data. However, if you set an HDP, nobody else will be able to access the data on the drive in any system without first knowing the password. Because the HDP is actually stored on the hard disk, it stays with the drive until you remove or change it. Doing that, however, requires that you know the password to begin with.

If a hard disk password is set, you will be prompted (the HDP prompt normally appears as an image of a padlock next to a disk cylinder) for the password at the following times and under the following circumstances:

  • During the POST (Power On Self Test), each time the system is turned on.

  • If you move the drive to another system, you will still be required to type in the HDP during the POST each time the system is turned on.

  • If you have not set a Supervisor password (SVP) in addition to the HDP, you will also be prompted to enter the HDP every time the system resumes from suspend mode.

To set a hard disk password, follow these steps:

  1. Run the BIOS Setup by pressing and holding the F1 key and then turning on the computer.

  2. Select the Password icon and then the HDD-1 or HDD-2 icon, according to which drive you want to set.

  3. Type in your desired password and then press Enter. You can use any combination of up to seven alphanumeric characters (AZ, 09). Letters are not case sensitive, meaning that upper- and lowercase letters are treated the same.

  4. Type in the password again to verify it. Then press Enter.

  5. Select Exit and then Restart.

To change a hard disk password, follow these steps:

  1. Turn off the system, wait at least 5 seconds, and then turn it back on.

  2. When the HDP prompt appears, type in the current password and then press the spacebar.

  3. Type in the new password and then press the spacebar. Remember to use no more than seven characters.

  4. Type in the new password again to verify it. Then press Enter.

To remove a hard disk password, follow these steps:

  1. Turn off the system, wait at least 5 seconds, and then turn it back on.

  2. When the HDP prompt appears, type in the current password, press the Spacebar, and then press Enter.

Most 2.5-inch laptop hard drives support the HDP feature, which can be set using the BIOS Setup in most laptop systems. The HDP can prevent any unauthorized user from ever accessing your hard disk, even if the drive is removed from the system. Make sure you keep a copy of the password in a safe place, because if you lose it, you have no way to ever access the drive again! Without the HDP, the drive and all your data will be forever locked up and inaccessible.

Supervisor Password (SVP)

The Supervisor password provides a different level of security than the POP. The SVP protects the hardware configuration (BIOS Setup) from unauthorized modification.

If a Supervisor password (SVP) is set on a system, you will normally be prompted (the SVP prompt normally appears as an image of a padlock next to a person) for the password only when the BIOS Setup is accessed.

The Supervisor password is provided for a system administrator to control multiple systems. The SVP is set by the system administrator, and subsequently is not required by the users to use the system. In other words, the users can start their systems without knowing or providing the SVP. The SVP is required only to access the BIOS Setup, and it provides the following security features:

  • Only a system administrator who knows the SVP can access the BIOS Setup. If a Supervisor password is set, a password prompt appears whenever you try to run the BIOS Setup.

  • A user can still set a different power-on password to protect his or her data from unauthorized use.

  • The system administrator can use the SVP to access the computer even if the user has set a POP. The SVP overrides the POP.

  • The SVP also overrides the hard disk password. The hard disk is protected by both the SVP and the HDP if both are set. If no HDP is set, the SVP also sets the HDP to the same password value.

A system administrator can set the same SVP on multiple systems to make administration easier.

To set a Supervisor password, follow these steps:

  1. Run the BIOS Setup by pressing and holding the F1 key while turning on the computer.

  2. Select the Password icon and then the Supervisor icon.

  3. Type in your desired password and then press Enter. You can use any combination of up to seven alphanumeric characters (AZ, 09). Letters are not case sensitive, meaning that upper- and lowercase letters are treated the same.

  4. Type in the password again to verify it. Then press Enter.

  5. Select Exit and then Restart.

To change a Supervisor password, follow these steps:

  1. Run the BIOS Setup by pressing and holding the F1 key while turning on the computer.

  2. At the password prompt, type in the Supervisor password and then press Enter. The BIOS Setup screen should then appear.

  3. Select the Password icon and then the Supervisor icon.

  4. Type in the current password and then press the spacebar.

  5. Type in the new password and then press Enter.

  6. Type in the new password again to verify it. Then press Enter twice.

  7. Select Exit and then Restart.

To remove a Supervisor password, follow these steps:

  1. Run the BIOS Setup by pressing and holding the F1 key while turning on the computer.

  2. At the password prompt, type in the Supervisor password and press Enter. The BIOS Setup screen should then appear.

  3. Select the Password icon and then the Supervisor icon.

  4. Type in the current password and then press the spacebar.

  5. Press Enter twice.

  6. Select Exit and then Restart.

Note that when an SVP is set on a system, it automatically sets the HDP to the same value. The user will be unaware that any passwords are set, because in this situation when the system boots up, the BIOS will automatically provide both passwords and the system will appear to boot normally. However, as soon as an attempt is made to go into the BIOS Setup, or when the system hardware is upgraded or the hard disk is swapped into another system, it will refuse to boot unless the SVP (and HDP, which would be the same value) is provided.

Caution

If you are purchasing a used laptop system, be sure that all passwords, especially the Supervisor password and hard disk password, are cleared from the system, otherwise insure that you know for sure what they are. A system with these passwords set and yet unknown is almost worthless, because without the SVP and HDP, you will not be able to use the system or access the hard disk and will instead have an expensive paperweight.


POP, HDP, and SVP Password Cracking?

If you lose the hard disk password and/or the Supervisor password for a system, IBM and most other manufacturers will tell you straight out that pretty much all is lost. Here is a quote from IBM's documentation:

"If you forget your hard-disk -drive or supervisor password, there is no way to reset your password or recover data from the hard disk . You have to take your computer to an IBM reseller or an IBM marketing representative to have the hard disk or the system board replaced. Proof of purchase is required, and an additional charge might be required for the service. Neither an IBM reseller nor IBM marketing representative can make the hard disk drive usable."

Although this sounds pretty bleak, one company has broken the laptop hardware security, allowing both motherboards and hard drives with lost passwords to be recovered. The company is called Nortek (www.nortek.on.ca), and it's the first company I know of to figure out a way around the hardware security. Unfortunately, the recovery services aren't cheap, because the security chip must be removed from the motherboard as well as the drive, and a new one soldered ina fairly delicate operation. The fees for hard drive recovery are as follows:

  • $85 for an HDP unlock only, with no data recovered and no testing or warranty on the drive

  • $145 for an HDP unlock with a 30-day warranty on the drive (still no data though)

  • $295 for an HDP unlock with all the data recovered as well

Considering that you can get a new 80GB or larger laptop hard drive for that price, you can see why you don't want to lose the HDP. Nortek can also recover a motherboard with a lost Supervisor password for a flat fee of $95.

Because of the possibility of theft, I do recommend setting both the SVP and HDP on your laptop system. That way, if the system is ever stolen, the thief not only won't be able to get to the data on your drive, but he or she won't be able to use the laptop itself, because the motherboard will be locked up. If the thief then tries to send it to Nortek, he or she will run into a policy Nortek has that states

"Nortek Co Ltd. realizes the significant responsibility that is associated with circumventing the security features of IBM ThinkPad laptop computers and their associated Travelstar hard disks. With our exclusive technology we provide hardware reclamation and data recovery services for only legitimate owners of these systems.

We will not knowingly recover lost passwords on equipment that has been unlawfully obtained. Nortek requires proof of ownership prior to performing any recovery procedures. Nortek retains the serial number from any system shipped to us for password removal. All systems received are thoroughly investigated to ensure the customer is the rightful owner; any suspicious units are dealt with promptly."

Nortek also has a link on its site to the Stolen Computer Registry at www.stolencomputers.org, which is a worldwide clearinghouse for information on stolen computers. If I had my system stolen, I would not hesitate to contact both the Stolen Computer Registry and Nortek to let them know the serial numbers of my system so they would be on the lookout for my system showing up for possible "recovery." That way, with the SVP and HDP both set, I can at least rest fairly assured that the thief will have a paperweight on his or her hands, with no access to my data.

Windows Passwords

The power-on password, hard disk password, and Supervisor password are all based on the system hardware and have nothing to do with Windows or any other operating system. As such, these hardware-based passwords do not preclude the use of additional passwords that can be set and maintained through Windows or other operating systems. Refer to your operating system documentation for more information on passwords maintained by the operating system.



Upgrading and Repairing Laptops
Scott Muellers Upgrading and Repairing Laptops, Second Edition
ISBN: 0789733765
EAN: 2147483647
Year: 2003
Pages: 182
Authors: Scott Mueller

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net