Two to three times a week, some version of the question below is posted:
"I have a laptop that (was given to me / I bought on ebay / I forgot the password for). I can't (start it / upgrade the BIOS / change BIOS settings) because it's asking for a BIOS password. I don't know what the password is. What can I do to override the BIOS password?"
Here's a summary of what has been learned and reported here on EE over the past few years.
This question occurs very frequently. If you have information to add to or update this article, please contact me so that the information can be kept up to date.
Removing the BIOS backup battery seldom works on a modern laptop. Indeed, every search for "BIOS password removal" turns up "Remove the BIOS backup battery." About twelve years (at this writing in 2018) ago this did work on some machines.
But manufacturers quickly realized security that can be defeated this easily is no security. In addition, most governments and many corporations would not buy laptops where the security can be defeated at all. Therefore manufacturers now build all laptop systems to either extremely difficult or undefeatable standards of security.
BIOS passwords are now stored in mini-flash chips, separate from the BIOS chips. Removing the BIOS battery has no effect on those flash chips, but it does destroy all BIOS configuration settings (which can cause even more problems, made worse because they can't be reset due to the password) and as lagniappe, the clock loses the time and date. There were still some individual exceptions among the "brand name" manufacturers up until about 2015, but they were few then and at this writing (2018) only very low budget "off-brand" systems can be defeated this way.
If you can prove to the manufacturer that you are the registered owner of the laptop, they can sometimes issue an override password. This is true for (a) older systems (b) without the TPM (see below) or (c) under very specific conditions where the BIOS issues a "challenge hash" in response to repeated access failures.
If the manufacturer does offer this service, expect it to be expensive. Even if the system is still under warranty, they charge for this service.
(2016) Must prove ownership. 800-816-2237. $100 plus tax. Not covered under warranty. Must be shipped to Acer repair depot.
(2017) Must prove ownership. 800-624-9896. $50 for out-of-warranty.
(2015) In 8 calls, the best response I received is that there is no solution other than ship-to-depot service and that the system must be both current and under warranty.
There is a "password reset team" for some models. HP phone support denies this. Faxable request form (10 years old): http://forums11.itrc.hp.com/service/forums/getattachment.do?attachmentId=49108&ext=.pdf. Voice number dead, FAX number active 10/2009. $70 charge.
HP service centers and some HP authorized techs have reset software for some older models. HP phone support also denies this.
(2015) See this page first: http://web1.toshiba.ca/support/TechSupport/TSBs/ALL/-TSB000593.htm
"Only an Authorized Service Provider can clear a Password if it has been forgotten. You will be required to show proof of ownership to the ASP prior to having the Password removed this way."
If you can't prove that you own the laptop, some businesses claim to be able to override passwords for some models. This is a very gray area and cannot be discussed here. Google for information.
If a password override is not available for your system, the password chip itself can sometimes be replaced (but see below regarding TPM systems.)
Special SMT desoldering and resoldering equipment is required; this is not a job that can be done by hobby grade equipment. If you have such equipment, some chips are available on the Internet. If not, the laptop must be shipped to a business that does a replacement. Google for information. This is finicky work and risky as well; expect it to be relatively expensive - at least $100.
Some desktop and most laptop computers are now sold with a Trusted Platform Module built in. As of 2014, TPM is present on Acer, Asus, Dell, Fujitsu, Gigabyte, IBM, LG, Lenovo, MSI, Panasonic, Samsung, Sony, Supermicro, Toshiba and Wipro devices.
If a system has the TPM installed it must go back to the manufacturer. Any attempt to tamper with a system that has a TPM will result in rendering the machine inoperable.
In situations where the system involved is over three years old, consider buying a used, identical system and swapping the drive from the problem machine into the replacement.
Typical example: The manufacturer wants $250 for the override password service, or offers in-depot "repair" at $100 plus shipping both ways. An identical used system can be bought for $100. Quite often it's cheaper to swap the system drive than to try to resolve the password problem.
Get unlimited access to our entire library of technical procedures, guides, and tutorials written by certified industry professionals.Get 7 days free