Laptop systems have a level of integrated password security not found in most desktop systems. These passwords are separate and distinct from any passwords required by the operating system or other applications installed on the machine. This section examines the passwords specifically associated with laptop systems and their hard disks. Password TypesSome laptop systems can have up to three passwords set on them. Two of these passwords are very secure, meaning that if they are lost, you have essentially no way to recover them, thus rendering the hard drive and/or motherboard completely nonfunctional. Caution These are not benign passwords that can easily be circumvented or reset. If you lose these passwords, short of some very specialized and expensive services (for which you will have to provide proof of ownership), you will not be able to use the motherboard or access the data on the hard disk, even if you move the drive to another system! In fact, both the motherboard and the hard disk will have to be replaced , and all your data will be lost. Clearly it is important to understand these passwords, because if you set them, the implications of losing or forgetting them are quite severe. These three passwords are as follows :
If either the POP or HDP has been set, prompts for this password will appear on the screen whenever the system is powered on. The system will not continue until the respective password is entered. If only an SVP is set, it will also set the HDP to the same value, and yet no password prompt will appear during normal operation. Instead, the password prompt will appear only when the BIOS Setup is run. Power-On Password (POP)The power-on password is a feature available in many portable systems, and it's stored in the CMOS RAM. If it's lost, the POP can be erased in most systems by setting a password-clear jumper (located normally on the motherboard) or by removing the CMOS battery. You will normally find instructions for clearing the POP in the user manual or service manual for your specific system. If a POP is set, you will be prompted (the prompt normally looks like an image of a padlock with a screen next to it) for the password at the following times:
To set a power-on password, follow these steps:
To change a power-on password, follow these steps:
To remove a power-on password, follow these steps:
To remove a power-on password that you have lost or forgotten, use one of the following two procedures. First, if no Supervisor password (SVP) has been set, follow these steps:
Second, if a Supervisor password (SVP) has been set and is known, follow these steps:
Hard Disk Password (HDP)A hard disk password provides a great deal of additional security for your data over the existing power-on password. Even if you set a POP, somebody could still remove the hard drive from your system and then install the drive into another system where he or she could access your data. However, if you set an HDP, nobody else will be able to access the data on the drive in any system without first knowing the password. Because the HDP is actually stored on the hard disk, it stays with the drive until you remove or change it. Doing that, however, requires that you know the password to begin with. If a hard disk password is set, you will be prompted (the HDP prompt normally appears as an image of a padlock next to a disk cylinder) for the password at the following times and under the following circumstances:
To set a hard disk password, follow these steps:
To change a hard disk password, follow these steps:
To remove a hard disk password, follow these steps:
Most 2.5-inch laptop hard drives support the HDP feature, which can be set using the BIOS Setup in most laptop systems. The HDP can prevent any unauthorized user from ever accessing your hard disk, even if the drive is removed from the system. Make sure you keep a copy of the password in a safe place, because if you lose it, you have no way to ever access the drive again! Without the HDP, the drive and all your data will be forever locked up and inaccessible. Supervisor Password (SVP)The Supervisor password provides a different level of security than the POP. The SVP protects the hardware configuration (BIOS Setup) from unauthorized modification. If a Supervisor password (SVP) is set on a system, you will normally be prompted (the SVP prompt normally appears as an image of a padlock next to a person) for the password only when the BIOS Setup is accessed. The Supervisor password is provided for a system administrator to control multiple systems. The SVP is set by the system administrator, and subsequently is not required by the users to use the system. In other words, the users can start their systems without knowing or providing the SVP. The SVP is required only to access the BIOS Setup, and it provides the following security features:
A system administrator can set the same SVP on multiple systems to make administration easier. To set a Supervisor password, follow these steps:
To change a Supervisor password, follow these steps:
To remove a Supervisor password, follow these steps:
Note that when an SVP is set on a system, it automatically sets the HDP to the same value. The user will be unaware that any passwords are set, because in this situation when the system boots up, the BIOS will automatically provide both passwords and the system will appear to boot normally. However, as soon as an attempt is made to go into the BIOS Setup, or when the system hardware is upgraded or the hard disk is swapped into another system, it will refuse to boot unless the SVP (and HDP, which would be the same value) is provided. Caution If you are purchasing a used laptop system, be sure that all passwords, especially the Supervisor password and hard disk password, are cleared from the system, otherwise insure that you know for sure what they are. A system with these passwords set and yet unknown is almost worthless, because without the SVP and HDP, you will not be able to use the system or access the hard disk and will instead have an expensive paperweight. POP, HDP, and SVP Password Cracking?If you lose the hard disk password and/or the Supervisor password for a system, IBM and most other manufacturers will tell you straight out that pretty much all is lost. Here is a quote from IBM's documentation:
Although this sounds pretty bleak, one company has broken the laptop hardware security, allowing both motherboards and hard drives with lost passwords to be recovered. The company is called Nortek (www.nortek.on.ca), and it's the first company I know of to figure out a way around the hardware security. Unfortunately, the recovery services aren't cheap, because the security chip must be removed from the motherboard as well as the drive, and a new one soldered ina fairly delicate operation. The fees for hard drive recovery are as follows:
Considering that you can get a new 80GB or larger laptop hard drive for that price, you can see why you don't want to lose the HDP. Nortek can also recover a motherboard with a lost Supervisor password for a flat fee of $95. Because of the possibility of theft, I do recommend setting both the SVP and HDP on your laptop system. That way, if the system is ever stolen, the thief not only won't be able to get to the data on your drive, but he or she won't be able to use the laptop itself, because the motherboard will be locked up. If the thief then tries to send it to Nortek, he or she will run into a policy Nortek has that states
Nortek also has a link on its site to the Stolen Computer Registry at www.stolencomputers.org, which is a worldwide clearinghouse for information on stolen computers. If I had my system stolen, I would not hesitate to contact both the Stolen Computer Registry and Nortek to let them know the serial numbers of my system so they would be on the lookout for my system showing up for possible "recovery." That way, with the SVP and HDP both set, I can at least rest fairly assured that the thief will have a paperweight on his or her hands, with no access to my data. Windows PasswordsThe power-on password, hard disk password, and Supervisor password are all based on the system hardware and have nothing to do with Windows or any other operating system. As such, these hardware-based passwords do not preclude the use of additional passwords that can be set and maintained through Windows or other operating systems. Refer to your operating system documentation for more information on passwords maintained by the operating system. |