If "Password on boot Enabled" is disabled during bootup (pressing F12), can anyone enter my computer system?

I have Windows 7 Ultimate 64-bit now, and just saw that by pressing F12 during bootup, I can disable the "Password on boot". Doesn't that mean anyone easily could do this and then have complete access to my laptop?
hermesalpha Asked:
 
rindi Commented:
Which password do you mean? BIOS password? Hard-Disk Password? On Business-type Laptops where you set a BIOS password and Hard-Disk Password (also set via BIOS), your data is quite safe (so long as your passwords aren't easy to guess), as you need a password before you can boot or change any BIOS settings. These types of passwords can't be reset without knowing them or without the help of the manufacturer, and he will require proof of ownership before he will try to help. HD passwords usually can't be recovered or reset at all, so if you happen to forget it your data is lost even to you, which makes it even more important for you to ensure you have a good backup strategy.

With cheaper consumer grade laptops security is often not that good, and with those it can sometimes be possible to reset a BIOS password using other methods.
0
 
Run5k Commented:
Let me just say this: unless you are using some type of encryption on your laptop hard drive (BitLocker, TrueCrypt, etc.), there's always a decent-sized vulnerability involved. For example, without that encryption someone could easily boot to a Linux Live CD (or USB key) and have access to the local machine's files & folders.
0
 
Chris Millard Commented:
I'll just add to this also. Even with password on boot, if someone were to remove the hard drive from your laptop, they could attach it to any other PC and access all of the data from it unless the drive itself is encrypted.

Of course, the downside to that is that data recovery becomes more difficult if your encrypted hard drive ever fails, so always make sure you have a backup of anything you cannot afford to lose!
0
 
rindi Commented:
If the HD itself has a password, you can't get to its data even on another PC. As I mentioned above, that password is set via the BIOS, and you won't be able to access the disk without first entering its password at either bootup, or when you try accessing it via another PC. There is no way that password can be reset or recovered without knowing it, except maybe by getting lucky by trying different passwords. But usually if you enter too many wrong passwords you will lock the disk forever.
0
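
Added example, not part of any answer in this thread: on Linux (for instance the Live CD mentioned above), `hdparm -I` run against your own drive prints a "Security:" section that shows whether the hard-disk password rindi describes is actually set. The sketch below parses that section; the sample text is constructed and the function names are hypothetical.

```python
# Added example: interpret the "Security:" section printed by `hdparm -I <device>`.
# SAMPLE is constructed for illustration, not captured from a real drive.
SAMPLE = (
    "ATA device, with non-removable media\n"
    "Security: \n"
    "\tMaster password revision code = 65534\n"
    "\t\tsupported\n"
    "\t\tenabled\n"
    "\tnot\tlocked\n"
    "\tnot\tfrozen\n"
    "\tnot\texpired: security count\n"
    "\t\tsupported: enhanced erase\n"
    "Checksum: correct\n"
)

FLAGS = ("supported", "enabled", "locked", "frozen")

def parse_ata_security(text):
    """Return {flag: bool} for the flags listed in the Security section."""
    state, in_section = {}, False
    for line in text.splitlines():
        if line.startswith("Security:"):
            in_section = True
        elif in_section:
            if line and not line[0].isspace():
                break  # the next unindented heading ends the section
            words = line.split()
            negated = words[:1] == ["not"]
            name = " ".join(words[1:] if negated else words)
            if name in FLAGS:  # ignores "supported: enhanced erase" etc.
                state[name] = not negated
    return state

def hd_password_status(text):
    """Summarise whether a hard-disk password is set on the drive."""
    state = parse_ata_security(text)
    if not state.get("supported"):
        return "unsupported"  # no ATA security feature reported
    if not state.get("enabled"):
        return "not set"      # no hard-disk password configured
    return "set, locked" if state.get("locked") else "set, unlocked"

if __name__ == "__main__":
    print(parse_ata_security(SAMPLE))
    print(hd_password_status(SAMPLE))
```

A result of "not set" means only the BIOS boot password and the Windows logon stand in front of the data, which is the situation the earlier answers warn about.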
 
hermesalpha (Author) Commented:
What I mean is that at first when I press F12 during computer initial bootup, the BIOS/settings menu is displayed. In this menu I can enable or disable Password on boot (this was not the case with Windows XP where the password on boot was enabled or disabled in Control Panel/Accounts). So it seems so extremely easy for anyone to just disable Password on boot here, and then it's freeway right into my laptop's folders and files.

I read something about Windows 8 having something called Secure Boot, which seems completely opposite to the non-protective boot for Windows 7.

Anyway, if this is the case (anyone can disable Password on boot) so easily in Windows 7, what is the best way to change this so I get much better boot protection? Is the only solution, as several of you suggest, to add encryption to the hard drive?

Or, if I would go to the extremes, would the absolutely most secure boot protection be a combination of the best hard drive encryption plus biometric pre-boot authentication by fingerprint reader?
0
 
rindi Commented:
The password you can set in XP's Control Panel, User Accounts, is the Windows Password (You can also change that password in Windows 7's Control Panel via User Accounts). The boot up password with F12 is a BIOS or similar password and has nothing to do with the Windows password; they are for different things. If your Windows 7 Account has got no password assigned it'll log on automatically after you have booted, so you must make sure you have assigned your account a password within Windows.

Windows 8's secure boot is something different yet again. It prevents you booting from or installing another OS to the PC, and that option can be enabled or disabled somewhere in the BIOS.

And again, the password you are enabling or disabling in the BIOS isn't your Windows password, it is something totally different.
0
 
hermesalpha (Author) Commented:
Thanks rindi, run5k and roybridge, it seems the data is quite safe as long as I use a password for both BIOS/HDD and Windows logon.
0