Here is how you can secure your Windows computer by setting a Boot Password
Computers are designed for the average consumer, and average consumers are not really that concerned about how secure their PC is. Instead, the average consumer is one who tends to forget passwords and would be happy to find that all was not yet lost and they could still access their data through a backdoor that has been left open.
Every Windows computer today comes with a BIOS or UEFI which is the most basic firmware that runs on a PC. It is the middle layer that loads the Operating System into memory and allows it to interact with the hardware. It is also responsible for performing hardware initialization during the booting process as well as providing runtime services for operating systems and programs. UEFI is meant to replace the BIOS firmware interface but it comes with legacy support for BIOS services.
When you power on your computer, it gives you a tiny window in which you can press a button (usually F12) to access the Boot Menu (or the BIOS). The Boot Menu gives you a host of options, from choosing how to start up your computer (with or without Safe Mode) to which Operating System to load into memory (if the computer has multiple Operating Systems installed). Moreover, it even allows you to choose which device to load from. For example, you can also run an operating system stored on a USB drive.
However, this presents an issue. Windows does not encrypt its files, so anyone could run a different operating system by accessing the boot menu and simply access the hard drive to view all your files. The whole process is very easy and it can even be done in a few minutes with a live operating system (a portable operating system running from a USB/disk). This means that the password your Windows OS uses is as good as useless in protecting your data.
So, how can you protect your data? Well, you can set a password on the Boot Menu itself. If the Boot Menu is password-protected, there is no way it can be used to load another OS or change the boot-loading drive.
Here is how you can set a password on the Boot Menu,
Note: This still doesn’t stop a person who has physical access to your computer from prying open your computer, taking out the hard drive and using another device to access the contents. Moreover, there are ways to reset the BIOS password.
Setting a BIOS or UEFI password
You will need to access the BIOS or UEFI settings screen in order to set (or change) the password.
Accessing the Boot Menu
- Turn off your computer.
- Turn on the computer and during the boot-up process, press a certain key to access the boot menu. The key differs based on the manufacturer of your computer but usually, it is F12, ESC, F1, F10, or Delete. If none of these work, you can search for ‘boot menu key <laptop model number>’.
For example, here is a guide by Lenovo on how to access the boot menu.
Most modern computers also come with a Fast Startup option, which might need to be disabled to access the boot menu. If your computer just boots up straight to Windows within a few seconds, not giving you enough time to jump into the boot menu, then you can disable this option.
Here is how you can disable Fast Startup,
- Press START+X, and click on Power options in the popup that appears.
- Click on Choose what the power buttons do on the left side of the window.
- Click on Change settings that are currently unavailable
- Scroll down and, under the section of Shutdown settings. make sure Turn on fast startup is disabled.
You can turn this option back on after you have made the required changes in the boot menu.
If you run a post-Windows 8 computer, you can access the UEFI menu by following the given steps,
- Open the Settings app by pressing Start + I.
- Click on Change PC Settings and then General.
- Scroll to the bottom and click on Advanced Startup, then Restart Now.
- Click on Troubleshoot, then Advanced Options and then UEFI Firmware Settings.
- Click on Restart
Setting the Password in BIOS or UEFI
The Boot Menu can differ slightly, based on the manufacturer of your computer. You need to search for the Password option. Usually, it can be found under the Security section. Your computer may allow you to choose different passwords, one for accessing the boot menu and one for the BIOS / UEFI.
Next, you also need to go to the Boot Order option and make sure that the hard drive is the first in the order of preference. You can also remove any removable devices from the list to make sure that the system only boots from the hard drive.