SEARCH

How-To Geek

How to Secure Your Computer With a BIOS or UEFI Password

enter-bios-password-at-boot

A Windows, Linux, or Mac password just prevents people from logging into your operating system. It doesn’t prevent people from booting other operating systems, wiping your drive, or using a live CD to access your files.

Your computer’s BIOS or UEFI firmware offers the ability to set lower-level passwords. These passwords allow you to restrict people from booting the computer, booting from removable devices, and changing BIOS or UEFI settings without your permission.

When You May Want to Do This

RELATED ARTICLE
HTG Explains: What Is BIOS and When Should I Use It?
The BIOS on your computer is essential for it to function, yet it remains behind the scenes. In this article,... [Read Article]

Most people shouldn’t need to set a BIOS or UEFI password. If you’d like to protect your sensitive files, encrypting your hard drive is a better solution. BIOS and UEFI passwords are particularly ideal for public or workplace computers. They allow you to restrict people from booting alternative operating systems on removable devices and prevent people from installing another operating system over the computer’s current operating system.

Warning: Be sure to remember any passwords you set. You can reset the BIOS password on a desktop PC that you can open fairly easily, but this process may be much more difficult on a laptop you can’t open.

invalid-bios-password

How It Works

RELATED ARTICLE
HTG Explains: Why a Windows Password Doesn’t Protect Your Data
So you’ve set a password on your Windows laptop or desktop, and you always sign out or lock the screen... [Read Article]

Let’s say you’ve followed good security practices and have a password set on your Windows user account. When your computer boots, someone will have to enter your Windows user account password to use it or access your files, right? Not necessarily.

The person could insert a removable device like a USB drive, CD, or DVD with an operating system on it. They could boot from that device and access a live Linux desktop — if your files are unencrypted, they could access your files. A Windows user account password doesn’t protect your files. They could also boot from a Windows installer disc and install a new copy of Windows over the current copy of Windows on the computer.

You could change the boot order to force the computer to always boot from its internal hard drive, but someone could enter your BIOS and change your boot order to boot the removable device.

A BIOS or UEFI firmware password provides some protection against this. Depending on how you configure the password, people will need the password to boot the computer or just to change BIOS settings.

Of course, if someone has physical access to your computer, all bets are off. They could crack it open and remove your hard drive or insert a different hard drive. They could use their physical access to reset the BIOS password — we’ll show you how to do that later. A BIOS password still does provide extra protection here, particularly in situations where people have access to a keyboard and USB ports, but the computer’s case is locked up and they can’t open it.

bios-password-options

How to Set a BIOS or UEFI Password

RELATED ARTICLE
Beginner Geek: How To Change the Boot Order in Your Computer’s BIOS
The boot order in your computer’s BIOS controls which device it loads the operating system from. Modify your boot order... [Read Article]

These passwords are set in your BIOS or UEFI settings screen. On pre-Windows 8 computers, you’ll need to reboot your computer and press the appropriate key during the boot-up process to bring up the BIOS settings screen. This key varies from computer to computer, but is often F2, Delete, Esc, F1, or F10. If you need help, look at your computer’s documentation or Google its model number and “BIOS key” for more information. (If you built your own computer, look for your motherboard model’s BIOS key.)

In the BIOS settings screen, locate the password option, configure your password settings however you like, and enter a password. You may be able to set different passwords — for example, one password that allows the computer to boot and one that controls access to BIOS settings.

You’ll also want to visit the Boot Order section and ensure the boot order is locked down so people can’t boot from removable devices without your permission.

set-bios-password-options

RELATED ARTICLE
What You Need to Know About Using UEFI Instead of the BIOS
New Windows 8 PCs don’t include the traditional BIOS. They use UEFI firmware instead, just as Macs have for years.... [Read Article]

On post-Windows 8 computers, you’ll have to enter the UEFI firmware settings screen through Windows 8’s boot options. Your computer’s UEFI settings screen will hopefully provide you with a password option that works similarly to a BIOS password.

access-uefi-firmware-settings

On Mac computers, reboot the Mac, hold Command+R to boot into Recovery Mode, and click Utilities > Firmware Password to set a UEFI firmware password.

How to Reset a BIOS or UEFI Firmware Password

RELATED ARTICLE
How to Clear Your Computer’s CMOS to Reset BIOS Settings
Your computer stores low-level settings like the system time and hardware settings in its CMOS. These settings are configured in... [Read Article]

You can generally bypass BIOS or UEFI passwords with physical access to the computer. This is easiest on a desktop computer that’s designed to be opened. The password is stored in volatile memory, powered by a small battery. Reset the BIOS settings and you’ll reset the password — you can do this with a jumper or by removing and reinserting the battery. Follow our guide to clearing your computer’s CMOS to reset a BIOS password.

This process will obviously be more difficult if you have a laptop you can’t open up. Some computer models may have “back door” passwords that allow you to access the BIOS if you forget the password, but don’t count on it.

You may also be able to use professional services to reset passwords you forget. For example, if you set a firmware password on a MacBook and forget it, you may have to visit an Apple Store to have them fix it for you.

remove-cmos-battery-to-reset-bios-settings


BIOS and UEFI passwords aren’t something most people should ever use, but they’re a useful security feature for many public and business computers. If you operated some sort of cybercafé, you’d probably want to set a BIOS or UEFI password to prevent people from booting into different operating systems on your computers. Sure, they could bypass the protection by opening up the computer’s case, but that’s harder to do than simply inserting a USB drive and rebooting.

Image Credit: Buddhika Siddhisena on Flickr

Chris Hoffman is a technology writer and all-around computer geek. He's as at home using the Linux terminal as he is digging into the Windows registry. Connect with him on Google+.

  • Published 04/3/14

Enter Your Email Here to Get Access for Free:

Go check your email!