Any point to password protecting the bios if only 3 people in the
household, and 2 know nothing about bioses?
I just finished a 40 minute phone call iwth a 37 yo friend, the son of friends, who is locked in the mental ward of a nearby hospital and who
has such problems for at least 18 years,. And his words were indeed
full of craziness, but i need to show that I take his wishes seriously,
even if I don't actually fulfill them.
But I need advice:
Is there any point to password protecting the BIOS on a windows machine
if you live only with your parents who love you (although he's having
doubts abou that now), and who also wouldn't know how to modify the BIOS either to break it or to fix it even if they tried. IOW, who know
nothing about the BIOS.
I see why he password protected windows, for privacy, but it seems to me
he's just looking for trouble with the BIOS, in that he may forget his
own password. Woudn't that be a big problem? Well, I guess maybe even
that woudln't matter because if it's currently set correctly now, the computer will continue to work, even if some change is later
recommended, right?
He told me the passwords and I wrote them down. Is it still likely I can easily remove the BIOS password now, so it doesn't cause problems in the future (this assumes I will at some point touch his computer, which is
not very likely, but again, I want him to know I take him seriously
(when it's possible, and here it seems possible).)
Any point to password protecting the bios if only 3 people in the
household, and 2 know nothing about bioses?
However, if you were wanting to protect your Data from so burglar ....
then maybe!! (if you are a pessimist!!)
On 20/01/2026 1:44 pm, micky wrote:Since when did thieves and burglars lose interest in computers?
Any point to password protecting the bios if only 3 people in the
household, and 2 know nothing about bioses?
So one person is protecting their computer from themselves. Not much use!
Brian Gregory wrote:
On 20/01/2026 08:57, Daniel70 wrote:
On 20/01/2026 1:44 pm, micky wrote:Since when did thieves and burglars lose interest in computers?
Any point to password protecting the bios if only 3 people in the
household, and 2 know nothing about bioses?
So one person is protecting their computer from themselves. Not much
use!
Unless you're Jeffrey Epstein, they likely want the hardware, not the data.
Brian Gregory wrote:
Since when did thieves and burglars lose interest in computers?
Unless you're Jeffrey Epstein, they likely want the hardware, not the
data.
On Tue, 20 Jan 2026 19:57:44 +1100, Daniel70
<daniel47@nomail.afraid.org> wrote:
However, if you were wanting to protect your Data from so burglar .... >>then maybe!! (if you are a pessimist!!)When a house near me was burgled a few years ago they weren't
interested in consumer electronics, only jewellery. Which suggests
that they knew there was jewellery present but that's another story.
(I have a NAS in my hall, and suspect that in the event of burglary it
would be ignored. (There are others backing it up elsehere in the
house that are not so obvious.))
On 20/01/2026 1:44 pm, micky wrote:
Any point to password protecting the bios if only 3 people in the
household, and 2 know nothing about bioses?
So one person is protecting their computer from themselves. Not much use!
However, if you were wanting to protect your Data from so burglar ....
then maybe!! (if you are a pessimist!!)
If you were wanting to protect your data from someone who is
semi-computer literate, then Password Protecting might be useful ....
but then, all your burglar would need would be a USB drive with Linux >installed on it.
I just finished a 40 minute phone call iwth a 37 yo friend, the son of
friends, who is locked in the mental ward of a nearby hospital and who
has such problems for at least 18 years,. And his words were indeed
full of craziness, but i need to show that I take his wishes seriously,
even if I don't actually fulfill them.
But I need advice:
Is there any point to password protecting the BIOS on a windows machine
if you live only with your parents who love you (although he's having
doubts abou that now), and who also wouldn't know how to modify the BIOS
either to break it or to fix it even if they tried. IOW, who know
nothing about the BIOS.
I see why he password protected windows, for privacy, but it seems to me
he's just looking for trouble with the BIOS, in that he may forget his
own password. Woudn't that be a big problem? Well, I guess maybe even
that woudln't matter because if it's currently set correctly now, the
computer will continue to work, even if some change is later
recommended, right?
He told me the passwords and I wrote them down. Is it still likely I can
easily remove the BIOS password now, so it doesn't cause problems in the
future (this assumes I will at some point touch his computer, which is
not very likely, but again, I want him to know I take him seriously
(when it's possible, and here it seems possible).)
AJL wrote:
Unless you're Jeffrey Epstein, they likely want the hardware, not
the data.
True. But even then the reason for having a device lock is to make
wiping it easier than the perp (or new owner) browsing your data
and then wiping it...
Well, I don't disagree that adding a pin/password/biometric or other marketing gimmick is necessary for people "who live in the slums".
But I'm not afraid of my wife. I'm not afraid of my family. I'm not
afraid of my friends. I'm not afraid of my neighbors.
The amount of times anyone is burglarized is so minuscule
it's something that has to be weighed against the inconvenience of
all this 'security'.
On Tue, 20 Jan 2026 19:57:44 +1100, Daniel70
<daniel47@nomail.afraid.org> wrote:
However, if you were wanting to protect your Data from so burglar ....When a house near me was burgled a few years ago they weren't
then maybe!! (if you are a pessimist!!)
interested in consumer electronics, only jewellery.
Which suggests
that they knew there was jewellery present but that's another story.
(I have a NAS in my hall, and suspect that in the event of burglary it
would be ignored. (There are others backing it up elsehere in the
house that are not so obvious.))
On 1/20/2026 1:39 PM, Maria Sophia wrote:
AJL wrote:
Unless you're Jeffrey Epstein, they likely want the hardware, not
the data.
True. But even then the reason for having a device lock is to make
wiping it easier than the perp (or new owner) browsing your data
and then wiping it...
Well, I don't disagree that adding a pin/password/biometric or other marketing gimmick is necessary for people "who live in the slums".
In my last life I took 1000s of burglary reports. The better parts of
town were definitely not spared. Not even those living on the mountain
sides in their million dollar homes.
But I'm not afraid of my wife. I'm not afraid of my family. I'm not
afraid of my friends. I'm not afraid of my neighbors.
Me neither. If you're burglarized the perps will likely not be from
your neighborhood.
The amount of times anyone is burglarized is so minuscule
But I'll bet you have homeowners insurance that covers it.
it's something that has to be weighed against the inconvenience of
all this 'security'.
The insurance of a pin/print is not a great inconvenience IMO. YMMV as always...
Most people use the OS security for their computers. However As IWhen a house near me was burgled a few years ago they weren't
Brian Gregory wrote:
Unless you're Jeffrey Epstein, they likely want the hardware, not the
data.
Duh! We're dealing entirely with unlikely situations here. My laptop
isn't stolen regularly, say about once every year.
Stolen laptops, from domestic homes are likely to be quickly sold for
drug money in some back alley to someone who will then have a long
time to go through their contents and work out how to use anything
interesting they find.
I'm making a philosophical point, which is who needs marketing gimmicks?
I've never been 'burgled' but if I was, my passwords are in KeepassXC, and
my financial data is in veracrypt containers, so all they get are my pics.
Which is the key point, really...
We don't *need* silly marketing security (e.g., biometric gimmicks) for a home computer as long as we don't live in the slums... :)
If we live in the slums, then by all means, we need those silly marketing gimmicks, and, unfortunately, on iOS devices, the gimmicks are required.
It intrigues me when I see someone who has to enter a Password on
their Mobile Phone before they can use it.
WHY?? As long as YOU don't lose your mobile phone, WHY do you need to
secure it??
(I don't do Banking/Credit Card on my mobile phone so what would I
lose if I lost it?? Photos!!)
Computers and the like are bulky and difficult to carry.
Frank Slootweg wrote:
Please don't spoil his rant with facts from the real world.
Please do not describe an intelligent technical description of how to properly set up a computer or phone as a "rant", Frank.
Just stop it with your incessant personal-attack childishness.
It's always you who throws the first punch, Frank.
But I'm not responding to your never-ending personal attacks, Frank.
I'm just asking you politely and publicly to cut it out.
Stick to the technical topic, Frank.
If you have nothing technical to say, Frank, then please refrain from personal attacks simply because you can't address the technical issues.
You don't have to agree that people who have good privacy practices have no need for silly biometric gimmicks, but you should at least attempt to understand the value of encrypted containers (e.g., Veracrypt) and
encrypted databases (e.g., KeepassDX).
Frank,
I'm asking you again, politely, to please stop it with your never-ending endlessly incessant needless personal attacks. Just cut it out, Frank.
If you can't address the issue of how to set up a device with privacy, then don't incessantly attack people who suggest technical solutions such as:
1. Encrypted containers
<https://veracrypt.io/en/Home.html>
2. Encrypted password databases
<https://www.keepassdx.com/>
In addition, since I understand why marketing wants us to fall for silly biometric gimmicks,
I also recommend that people NOT log into motherships,
but I'm well aware that most people aren't even aware that's possible.
To help others understand that it's not only possible, but easy to do,
I wrote a technical report recently on how to use Windows 11 without the mothership login (which is a technical whack-a-mole that keeps changing).
Newsgroups: alt.comp.os.windows-11,alt.comp.hardware.pc-homebuilt,alt.comp.microsoft.windows
Subject: PSA: I can happily report that my first Win11 Home installed sans a MSA
Date: Mon, 12 Jan 2026 15:24:16 -0500
Message-ID: <10k3l9g$2ug$1@nnrp.usenet.blueworldhosting.com>
On 1/21/2026 1:07 AM, Chris wrote:
Computers and the like are bulky and difficult to carry.
True story: My across the street neighbor lost all her electronics plus
other bulky items. How? Her car was broken into at work and the garage
door opener was taken. Her address was obtained from her car
registration which in my state is required to be in the car. They drove
to her address, opened the garage door, parked inside, and lowered the
door. Then they took their time loading the car knowing she was at work.
I'll admit a bit unusual but definitely clever...
Daniel70 wrote:
Chris wrote:A nice watch?
What house in any decent area doesn't have jewellery?
Mine .... but then, I don't have a Misses, either! ;-P
On 1/21/2026 1:07 AM, Chris wrote:
Computers and the like are bulky and difficult to carry.
True story: My across the street neighbor lost all her electronics plus
other bulky items. How? Her car was broken into at work and the garage
door opener was taken. Her address was obtained from her car
registration which in my state is required to be in the car. They drove
to her address, opened the garage door, parked inside, and lowered the
door. Then they took their time loading the car knowing she was at work.
I'll admit a bit unusual but definitely clever...
On Wed, 21 Jan 2026 09:18:58 -0700, AJL wrote:
On 1/21/2026 1:07 AM, Chris wrote:
Computers and the like are bulky and difficult to carry.
True story: My across the street neighbor lost all her electronics
plus other bulky items. How? Her car was broken into at work and
the garage door opener was taken. Her address was obtained from
her car registration which in my state is required to be in the
car. They drove to her address, opened the garage door, parked
inside, and lowered the door. Then they took their time loading the
car knowing she was at work. I'll admit a bit unusual but
definitely clever...
For that reason, it's important to lock the door into your house
from the garage.
On 21/01/2026 08:07, Chris wrote:
What house in any decent area doesn't have jewellery?
My house; but I don't live in a particularly nice area. In fact, I don't even own a house. A few years ago, I had a very serious accident that left me housebound. I lost my good job at a bank in London due to my situation, and my wife left me and took ownership of the house because the court decided that she had to look after the children as I was not physically able to do so.
Due to my physical state, I can't get a job now, so all I can do is depend on my local council to provide me with accommodation. I am lucky to have community fibre in my area, which provides me with free basic internet.
Daniel70 wrote:
Chris wrote:A nice watch?
What house in any decent area doesn't have jewellery?
Mine .... but then, I don't have a Misses, either! ;-P
household noises where they are.
On Wed, 21 Jan 2026 20:10:11 +0000, Andy Burns wrote:
Daniel70 wrote:
Chris wrote:A nice watch?
What house in any decent area doesn't have jewellery?
Mine .... but then, I don't have a Misses, either! ;-P
My watches aren't jewelry. They're for telling time.
Paul wrote:
[snip]
ÿIt's the same with some city employees, you can hear
household noises where they are.By contrast, if you can hear "office" noises then it's a spammer calling you ...
Frank Slootweg wrote:[My comments, suggestions and arguments deleted.]
What is your recommendation for privacy on a computer, Frank?
Brian Gregory wrote:
On 20/01/2026 20:43, Maria Sophia wrote:
Brian Gregory wrote:
Unless you're Jeffrey Epstein, they likely want the hardware, not
the data.
Duh! We're dealing entirely with unlikely situations here. My laptop
isn't stolen regularly, say about once every year.
Stolen laptops, from domestic homes are likely to be quickly sold
for drug money in some back alley to someone who will then have a
long time to go through their contents and work out how to use
anything interesting they find.
I'm making a philosophical point, which is who needs marketing gimmicks? >>>
I've never been 'burgled' but if I was, my passwords are in
KeepassXC, and
my financial data is in veracrypt containers, so all they get are my
pics.
Which is the key point, really...
We don't *need* silly marketing security (e.g., biometric gimmicks)
for a
home computer as long as we don't live in the slums... :)
You don't need to leave the blank checks in you checkbook (did I spell
it the correct way for you US types?) unsigned. But I bet you do.
If we live in the slums, then by all means, we need those silly
marketing
gimmicks, and, unfortunately, on iOS devices, the gimmicks are required.
Unlike in the USA, there don't seem to be many slums left in my country.
I have pictures of the children of relatives. They would be unhappy if
I said some random thief had these pictures and I totally understand
why, when you hear what paedophiles have been known to use them for,
or even just what Grok lets you do with them.
Hi Brian,
We can delve deeper into edge cases, but the main question was whether a
home user needs BIOS passwords on a Windows system. My view
is that BIOS passwords may not protect the data that actually matters.
Some important data on a typical Windows laptop that needs protection are passwords and financial or medical records which I focused upon, although pictures and anything else can be added into that category if you like.
Those are likely stored in encrypted containers if you use tools like Veracrypt and KeepassXC (although I'd have to check how to automate that
for photos). While that is partial encryption, not full disk encryption, my observation is that it may be enough for most home users because the sensitive material is isolated without having to enter a password (or biometric marketing gimmicks) constantly, every day of the year.
A BIOS password does not protect any of that (AFAIK). A thief can remove
the drive and read it. Biometrics do not protect it either. They only
unlock the Windows session. Once the drive is out of the laptop, the biometric layer is irrelevant (AFAIK).
So my practical Windows security model for a home environment is this:
1. Encrypt the small amount of data that actually matters, such as
passwords and financial records.
2. Keep that data in Veracrypt containers or a password manager.
3. Do not rely on BIOS passwords or biometrics to protect data on a
stolen device because they do not address that threat.
Biometric marketing gimmicks solve a convenience problem, not a data protection problem. If we have a real fear of the people around us, that is
a different threat model, but most home users do not need that level of control (IMHO) in terms of the frequency of passwords they enter.
On 21/01/2026 18:32, Maria Sophia wrote:
So my practical Windows security model for a home environment is this:
1. Encrypt the small amount of data that actually matters, such as
passwords and financial records.
2. Keep that data in Veracrypt containers or a password manager.
3. Do not rely on BIOS passwords or biometrics to protect data on a
stolen device because they do not address that threat.
Biometric marketing gimmicks solve a convenience problem, not a data
protection problem. If we have a real fear of the people around us, that is >> a different threat model, but most home users do not need that level of
control (IMHO) in terms of the frequency of passwords they enter.
But it's unrealistic to expect anyone but an expert to install and use Veracrypt containers, it's also largely unrealistic to expect them to
keep absolutely everything always in it's designated place, encrypted or unencrypted as appropriate.
I get that BIOS password doesn't add any real protection but why object
to it so much? It's another thing that any hacker will need to get
around before they can run any hacking tool on a PC.
I also do not see why you regard biometric security as a gimmick. It's
dirt cheap now (cost me œ12 to add a fingerprint reader to my desktop
PC) and works fairly well, and seems to err firmly towards rejecting
fingers that don't match exactly rather than accepting anything vaguely
like my finger. On cold days I even need to warm my finger before
there's any hope of it matching how it looked to the scanner on a hot day.
Frank Slootweg wrote:[...]
What is your recommendation for privacy on a computer, Frank?
To answer your question: You probably mean measures to limit the consequences of bad actors having physical access to your (Windows) computer or stealing it, as that's the context of this thread. "privacy
on a computer" is *way* too wide/unspecific/ambiguous/<whatever>.
You are correct. We're assuming a daily boot of a Windows PC with a local account (whether Windows 11 or Windows 10) and people you trust in the home and we're assuming the rare happenstance of a burglar with physical access.
Note: Windows FDE is Bitlocker, so that is the default interpretation.
That said, my - rather obvious - recommendations are: A boot password, sign-in protection (password or/and other) and - if needed/practical - Windows' FDE or similar.
Thank you for outlining your model to contrast with mine, where we each optimized the threat protection in reasonably different manners.
I. Frank's proposed security model is system centric & labor intensive.
II. The model I suggest is data centric & optimized for convenience.
Since the goal is for others to learn from our technical conversation
here is a point-by-point summary of the two threat models we proposed.
A. Threat model
1. FS assumes OS level FDE (Bitlocker) protection is required.
2. MS assume only specific data stores need protection.
B. Boot process
1. FS uses a boot password and sign in protection.
2. MS uses no boot password and no sign in password.
C. Disk protection
1. FS uses Windows FDE so the entire volume is encrypted at rest.
2. MS uses Veracrypt for financial data & KeePassDX for passwords.
D. Forensic residue
1. FS's model encrypts swap, temp files, hibernation files & caches.
2. MS's model protects encrypted containers leaving OS residue readable.
E. Convenience
1. FS accepts daily friction at boot & sign in.
2. MS eliminates friction at boot & sign in by only unlocking
containers when needed (which the user may unlock only occasionally).
F. Cloud identity
1. FS's model can run without a Microsoft account but if Windows FDE
is used then recovery material must be stored offline by the user.
2. MS's model uses no OS level encryption so no recovery keys exist
and no cloud identity is ever needed at any time (by design).
G. Physical theft
1. FS's model forces the attacker to defeat FDE for all access.
2. MS's model exposes OS data but protects financial & passwd data.
H. Family access
1. FS's model blocks family members without credentials.
2. MS's model allows family access but keeps sensitive data encrypted.
Summary
1. FS's model maximizes system level protection & minimizes leakage.
But at the cost of daily convenience.
2. Ms's model maximizes daily convenience by protecting data chosen
to encrypt (which the user may unlock only occasionally).
--
On Usenet, old men discuss topics that they've thought about for decades.
On 22/01/2026 7:10 am, Andy Burns wrote:
Daniel70 wrote:Who needs a Watch .... when I've got my 'phone'?? ;-P
Chris wrote:A nice watch?
What house in any decent area doesn't have jewellery?
Mine .... but then, I don't have a Misses, either! ;-P
Paul wrote:
[snip]
It's the same with some city employees, you can hear
household noises where they are.By contrast, if you can hear "office" noises then it's a spammer calling
you ...
On 2026/1/22 8:55:19, Daniel70 wrote:
On 22/01/2026 7:10 am, Andy Burns wrote:
Daniel70 wrote:Who needs a Watch .... when I've got my 'phone'?? ;-P
Chris wrote:A nice watch?
What house in any decent area doesn't have jewellery?
Mine .... but then, I don't have a Misses, either! ;-P
I can glance at my wrist (cheap blue plastic CASIO - had it for years)
far more quickly than I could at a 'phone, if I had one (and both my
hands are free, too).
Plus, if I _had_ a smartphone, I'd presumably
mostly be doing something with it (if not, why have one?), so would have
to change/minimise to see the clock (or peer at tiny digits along the
edge of the display).
| Sysop: | Tetrazocine |
|---|---|
| Location: | Melbourne, VIC, Australia |
| Users: | 15 |
| Nodes: | 8 (0 / 8) |
| Uptime: | 06:32:50 |
| Calls: | 188 |
| Files: | 21,502 |
| Messages: | 81,815 |