<

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x

Dealing With Laptop BIOS Passwords

Published on
25,207 Points
7,907 Views
8 Endorsements
Last Modified:
Awarded
Dr. Klahn
With his trusty 026 keypunch and ASR33 TTY, Dr. Klahn is building a PC of extraordinary magnitude!
Administrator-level BIOS passwords on laptops can cause significant trouble for owners and support techs.  They are easy to install, but if unknown they are expensive to impossible to remove.  This article is a summary of what is known.

Two to three times a week, some version of the question below is posted:


"I have a laptop that (was given to me / I bought on ebay / I forgot the password for).  I can't (start it / upgrade the BIOS / change BIOS settings) because it's asking for a BIOS password.  I don't know what the password is.  What can I do to override the BIOS password?"


Here's a summary of what has been learned and reported here on EE over the past few years.


This question occurs very frequently.  If you have information to add to or update this article, please contact me so that the information can be kept up to date.

 

1 Removing the Battery


    Removing the BIOS backup battery seldom works on a modern laptop.  Indeed, every search for "BIOS password removal" turns up "Remove the BIOS backup battery."  About twelve years (at this writing in 2018) ago this did work on some machines.


  But manufacturers quickly realized security that can be defeated this easily is no security.  In addition, most governments and many corporations would not buy laptops where the security can be defeated at all.  Therefore manufacturers now build all laptop systems to either extremely difficult or undefeatable standards of security.


   BIOS passwords are now stored in mini-flash chips, separate from the BIOS chips.  Removing the BIOS battery has no effect on those flash chips, but it does destroy all BIOS configuration settings (which can cause even more problems, made worse because they can't be reset due to the password) and as lagniappe, the clock loses the time and date.  There were still some individual exceptions among the "brand name" manufacturers up until about 2015, but they were few then and at this writing (2018) only very low budget "off-brand" systems can be defeated this way.

 

2 Contacting the Manufacturer


    If you can prove to the manufacturer that you are the registered owner of the laptop, they can sometimes issue an override password.  This is true for (a) older systems (b) without the TPM (see below) or (c) under very specific conditions where the BIOS issues a "challenge hash" in response to repeated access failures.


  If the manufacturer does offer this service, expect it to be expensive.  Even if the system is still under warranty, they charge for this service.

 

Acer:

    (2016) Must prove ownership.  800-816-2237.  $100 plus tax.  Not covered under warranty.  Must be shipped to Acer repair depot.

 

Dell:

    (2017) Must prove ownership.  800-624-9896.  $50 for out-of-warranty.


   Ownership transfer: http://support.dell.com/support/topics/global.aspx/support/change_order/tag_transfer


   Warranty check: http://support.dell.com/support/topics/global.aspx/support/my_systems_info/details

 

HP/Compaq:

   (2015) In 8 calls, the best response I received is that there is no solution other than ship-to-depot service and that the system must be both current and under warranty.


   There is a "password reset team" for some models.  HP phone support denies this.  Faxable request form (10 years old): http://forums11.itrc.hp.com/service/forums/getattachment.do?attachmentId=49108&ext=.pdf.  Voice number dead, FAX number active 10/2009.  $70 charge.


  HP service centers and some HP authorized techs have reset software for some older models.  HP phone support also denies this.

 

Toshiba:

    (2015) See this page first:  http://web1.toshiba.ca/support/TechSupport/TSBs/ALL/-TSB000593.htm


   "Only an Authorized Service Provider can clear a Password if it has been forgotten. You will be required to show proof of ownership to the ASP prior to having the Password removed this way."

 

3 Commercial Override Passwords


    If you can't prove that you own the laptop, some businesses claim to be able to override passwords for some models.  This is a very gray area and cannot be discussed here.  Google for information.

 

4 Password Chip Replacement

 

   If a password override is not available for your system, the password chip itself can sometimes be replaced (but see below regarding TPM systems.)


   Special SMT desoldering and resoldering equipment is required; this is not a job that can be done by hobby grade equipment.  If you have such equipment, some chips are available on the Internet.  If not, the laptop must be shipped to a business that does a replacement.  Google for information.  This is finicky work and risky as well; expect it to be relatively expensive - at least $100.

 

5  Trusted Platform Module


   Some desktop and most laptop computers are now sold with a Trusted Platform Module built in.  As of 2014, TPM is present on Acer, Asus, Dell, Fujitsu, Gigabyte, IBM, LG, Lenovo, MSI, Panasonic, Samsung, Sony, Supermicro, Toshiba and Wipro devices.


   If a system has the TPM installed it must go back to the manufacturer.  Any attempt to tamper with a system that has a TPM will result in rendering the machine inoperable.

 

6  The Replacement Option


  In situations where the system involved is over three years old, consider buying a used, identical system and swapping the drive from the problem machine into the replacement.


  Typical example:  The manufacturer wants $250 for the override password service, or offers in-depot "repair" at $100 plus shipping both ways.  An identical used system can be bought for $100. Quite often it's cheaper to swap the system drive than to try to resolve the password problem.


8
Comment
Author:Dr. Klahn
4 Comments
LVL 65

Expert Comment

by:☠ MASQ ☠
Thanks for putting this together, hopefully you'll get comments that you can incorporate into the article.
You're absolutely correct, this comes up so many times it should prove to be a useful reference/resource for the EE community.

Great contribution!

MASQUERIAD
Page Editor
0
LVL 7

Expert Comment

by:Brad Sims, CCNA
Thank you for this. There are some shops on eBay that will perform password removal cheaper than the manufacturer if you can prove ownership as well. I have used one of the services and it was very professional.
0
LVL 93

Expert Comment

by:Patrick Matthews
From the bio:

Dr. Klahn is building a PC of extraordinary magnitude!

You have our gratitude.

Patrick
0
LVL 62

Expert Comment

by:McKnife
Let me comment on "If a system has the TPM installed it must go back to the manufacturer.  Any attempt to tamper with a system that has a TPM will result in rendering the machine inoperable" - I see no reason why that should be true. If a mainboard has a TPM, it does not even mean that it is activated or used. I suggest to change the paragraph to reflect that this will only apply in very rare cases like using the TPM together with bitlocker for full disk encryption. Even then, changing the password will not render the machine unusable but rather have it ask for a bitlocker recovery key.
0

Featured Post

Exploring SharePoint 2016

Explore SharePoint 2016, the web-based, collaborative platform that integrates with Microsoft Office to provide intranets, secure document management, and collaboration so you can develop your online and offline capabilities.

Join & Write a Comment

Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…
How to fix display issue, screen flickering issue when I plug in power cord to the machine. Before I start explaining the solution lets check out once the issue how it looks like after I connect the power cord. most of you also have faced this…

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month