How to Password Protect Your Hard Disks from BIOS/UEFI

All major operating systems offer a way to set up a login password. This gives people the feeling that access to their computer is protected, and their files are private. Unfortunately, this is only an illusion. If you boot, say, Ubuntu from an USB stick, you can mount a Windows partition and read all files without providing any password. People have a mild shock when they first find out how easy this is.

But this does not mean that protecting your login account with a password is useless, just that it’s meant more as a method of restricting access when you temporarily leave your desk. But what do you do if you want to make sure nobody can read your files while you leave your computer unattended for hours or days?

Your Disks Have Their Own “Operating System”

One solution to keep your data private is full disk encryption. Another simple solution is to password-protect the disk itself. Firmware is software that runs on a device, and disks have them too. This is independent from your operating system and can enforce its own rules, which means no one will be able to read and write to this disk without providing the proper password. The disk itself will refuse all access and can’t be tricked by a different operating system. Even if the disk is removed and moved to another computer, access will be denied.

How to Set Up Disk Password from BIOS or UEFI

You can consider UEFI as a sort of micro operating system that runs on your computer before anything else is loaded (like the bootloader, Windows, drivers and so on). You will enter its setup menu to configure the passwords. BIOS is similar but only used on rather old computers.

Enter UEFI/BIOS Setup

Unfortunately, there is no standard method to access this menu. Every motherboard manufacturer freely chooses the desired setup key. But, generally, after you press the power button on your computer, you will quickly have to tap DEL, ESC, F1, F2, F10, F12 to enter setup. If you have BIOS, this is the only way to access its settings. Tap one of these keys multiple times to be certain UEFI/BIOS picks up on it. If none of the keys work, read your printed motherboard manual or search for it online to find the required key.

On modern UEFI implementations, you can reboot to this setup menu directly from Windows.

Password Lock Disks

UEFI/BIOS setup menus also have no standard set in stone. Each manufacturer implements their own desired version. The menu may include a graphical user interface (GUI) or a text user interface (TUI).

Use the left or right arrow keys to navigate to the “Security” tab (or equivalent) if your setup which will look like the following image.

disk-lock-uefi-security-menu

Otherwise, browse until you find a similar setting, where you can set disk passwords. Consult the motherboard manual if you have trouble finding it.

You will usually need to find the disk’s codename in that list, select it, and then set a user password, and possibly, a master password.

Warning: if you forget the password, there is no magic reset method. You basically lose your drive; it becomes a useless brick. It’s true that some drives will let you completely wipe them to clear the password, but those are the exception and not the rule.

disk-lock-user-master-password

Don’t confuse the user disk password with the UEFI/BIOS user password.

If the options to set the user password/master password for the disks are grayed out, it means you have to power cycle the machine. Simply power it off, power back on, and then press the required key to enter UEFI/BIOS setup. This has to happen before booting to Windows, otherwise the UEFI/BIOS will lock disk security settings again as a protection measure against unauthorized changes (for example, malware could use this to lock you out).

Set the disk user password. After you save it, the computer will ask for this password every time you power it on to unlock the drive. If you have the option available, set the master password, too, just to make sure you overwrite the factory default.

Save BIOS/UEFI settings and exit. (The proper key to do this should be displayed somewhere on the screen.)

Conclusion

At this point you know that your disk is safely locked when you leave your computer unattended. And, if you desire, you can also password-protect access to your BIOS/UEFI settings. This will usually be called an “Administrator password.” The “User password” is used for a different purpose and is not really required in this particular case. But if that is the only one you have available, set that to prevent unauthorized changes to your BIOS/UEFI settings. It should be noted, however, that if someone opens your computer case, this password can be reset. Consider it a “light” security measure.

The Complete Hardware Buying Guide

The Complete Hardware Buying Guide

Keen to learn how to choose the hardware for your rig? The Complete Hardware Buying Guide shows you what to look out when buying the hardware.

Get it now! More ebooks »

Leave a Comment

Yeah! You've decided to leave a comment. That's fantastic! Check out our comment policy here. Let's have a personal and meaningful conversation.

Sponsored Stories