Secure Your Computer, Part 1: Password-Protect your BIOS Boot Screen
Password strength and encryption are important things when it comes to computers. A password is the entire security of your computer, and OS passwords are not hard to break. Most users believe that if you have a password on your computer via the OS, that you are safe. This is not true at all, sadly.
To defeat an OS password is easy. A user can still put Linux live CDs in your computer to read your data, or slave your hard drive to their computer. There are actually a plethora of ways to get around this. So why is this so easy for an attacker if we have a password? It's because the password is on the OS and not seen by the computer when you boot. At boot time, the Basic Input/Output System (BIOS) is initialized, which only allows your computer hardware to communicate with its devices. So if I have a disc with an OS on it thrown in the disc drive, the computer will boot it because it hasn't seen the host OS's password yet.
In this Null Byte, let's put a password on our BIOS and make sure booting from devices other than the HDD is locked. This will close some loose ends that can grant unauthorized users access to your computer, and make our boxes all-around more secure.
Sadly, this will not protect us from everything, slaving your hard drive as mentioned above is one method around this. However, do not worry! This is the first in a series on locking down our computers to make them nearly impossible to break into.
To set a BIOS password, we first need to reboot our computer, and watch the bottom upon restart. The bottom will (likely) display the function key that we need to press to get into the configuration menu. Mine was the F8 key during boot. You should get a menu like this one below:
Navigate through the menus until you can find anything to do with passwords or security and set the password.
Next, navigate to the menu that contains the boot order in it. Change your HDD to be first on the list, so if someone wanted to boot from a CD or USB etc, they would be hit with a password!