BIOS password was the first method widely used to protect the computer from unsolicited use. The idea was that your computer won’t boot until the correct password entered.
This type of protection was rather weak and was primarily intended to protect from intruders who have no access to the hardware itself. To bypass such protection, one could take the drive off the computer, attach it to another computer and all the data can be copied.
At that time, to protect the data on the drive, one had to create additional layers of security by using special software for data encryption.
The idea to protect data by setting the password not only to the BIOS but to the drive itself was proposed a decade ago, but only now the technology has spread enough to be widely used.
Nowadays all modern notebook computers set a password to the drive simultaneously with setting it to the BIOS. That is why it is important to understand how the disk drive security works.
The possibility to restrict access to the data exists on almost all modern drives. This restriction is implemented by the security system of the drive itself. Thus, it makes the attachment of the drive to another computer meaningless as the password is physically stored on the drive.
Every drive which supports security features can contain simultaneously two passwords: User and Master.
User Password is the password that you use to restrict the access to the data on the drive. When User password is set the drive becomes Locked. When the drive is locked, no data can be read or written to it.
So the drive is locked when, and only when the User password is set.
When locking the drive (i.e. setting User password), you can choose how the drive can be unlocked. Either only User password can unlock the drive or both User and Master passwords can be used. This is done by setting Security level flag. This flag can be modified only while setting User password. Security level can be either ‘High’ or ‘Maximum’.
Master password is intended to be used in case User password is lost or forgotten.
Every hard drive has some predefined Master password set. Unfortunately it is not standardized. Usually it contains just 32 spaces, but it may vary depending on the hard drive manufacturer and model number. Master password can be easily changed if the hard drive is not in the locked state.
The capability of Master password (what you can do with it) depends on Security level flag which is set during locking the drive (as described in the previous section):
- If the Security level is ‘High’, Master password can be used in place of User password.
- If Security level is ‘Maximum’, the drive can be unlocked using Master password only with the erasing of all data on the drive.
By the way, the term “Security Level” will be substituted in the future versions of ATA Standards by the better one: “Master Password Capability”.
Back to BIOS
So, when you set a password on a notebook computer, BIOS will do the following:
• Store the password in the BIOS itself.
• Change Master Password of the HDD to protect the user from using manufacturer’s default.
• Change User Password of the HDD. This operation will lock the drive.