1.07.2007

User Accounts at home and BIOS vs Windows logon

Many of my Astute Readers are familiar with the Windows logon process from their work computers. Some of you may not use a logon for your home computers. You may also not know that there is an additional logon process, one that uses a BIOS password, which you can use to slightly increase your level of protection (keyword: slightly).

Windows passwords and User Accounts

Why would you use a Windows password and separate User Accounts at home? Several reasons:
  • keep the kids from accessing, modifying or accidentally erasing your personal files.
  • keep out some of the less determined bad guys
  • keep out prying visitors (like the babysitter)
Windows allows you to set up user accounts on your computer. The user accounts come in several flavors: Administrator Accounts and Limited Accounts with certain restrictions. Administrators have the ability to install programs, delete files, modify files, etc. Limited Accounts with restrictions have significantly lower capabilities: they may not be able to read certain files or folders that you identify; they may not be able to delete files; they may not be able to install programs; etc. If you are logged in as an administrator, when a virus or trojan or the kids take control of your computer, the virus, trojan or little Billy can cause much greater damage.

Bottom line: for your everyday use (surfing the web, writing letters, playing music or games), you should have a Limited Account. For those rare times when you need more power (e.g., you need to install some software), you should use an Administrator Account. Both of these accounts should have strong passwords.
To set up User Accounts on your computer, try this Microsoft website.
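
One way to check a PC against the advice above, as an added example that is not part of the original post: this PowerShell script lists the enabled local accounts, marks which are administrators, and flags any that are allowed to have no password. It assumes a current Windows version with the built-in LocalAccounts cmdlets (Windows PowerShell 5.1 or later), which postdate this post.

```powershell
# Added example: audit local accounts for administrator rights and
# missing password requirements. Read-only; it changes nothing.
# Assumes the Microsoft.PowerShell.LocalAccounts module (PowerShell 5.1+).

# S-1-5-32-544 is the well-known SID of the built-in Administrators group.
# Using the SID works regardless of the localized group name.
$adminSids = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop |
    ForEach-Object { $_.SID.Value })

# One row per enabled local account.
$report = Get-LocalUser | Where-Object { $_.Enabled } | ForEach-Object {
    [pscustomobject]@{
        Account          = $_.Name
        IsAdministrator  = $adminSids -contains $_.SID.Value
        PasswordRequired = $_.PasswordRequired
        PasswordLastSet  = $_.PasswordLastSet
    }
}
$report | Format-Table -AutoSize

# Accounts that may have an empty password defeat the logon entirely.
$report | Where-Object { -not $_.PasswordRequired } | ForEach-Object {
    Write-Warning "$($_.Account): no password is required for this account."
}

# More than one enabled administrator usually means an everyday
# account was never converted to a limited (standard) account.
$admins = @($report | Where-Object { $_.IsAdministrator })
if ($admins.Count -gt 1) {
    Write-Warning "Enabled administrator accounts: $($admins.Account -join ', ')"
}

# Check the account running this script. Group membership is compared
# by SID, so the answer is the same whether or not the session is elevated.
$me = [Security.Principal.WindowsIdentity]::GetCurrent()
if ($adminSids -contains $me.User.Value) {
    Write-Warning "$($me.Name) is an administrator; use a limited account for everyday work."
} else {
    Write-Output "$($me.Name) is a limited (standard) account."
}
```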

BIOS passwords

The BIOS password is useful for providing a basic level of protection that can prevent passersby from using a CD or USB token to boot your computer and circumventing the Windows Logon process. This can provide you with some protection when you travel with your laptop and find yourself in situations where you leave your laptop unattended for short periods (e.g., at conferences).

Note that this will not keep out a determined cracker, and is not a secure line of defense. TechRepublic and SearchWindowsSecurity have articles that explain multiple ways to get past BIOS passwords.

Chalmer
