[HOME(Mark Whitis)] [Contact] [Resume] [Browser Friendly] [No Spam] [FEL] [DBD]

Backdoor and default passwords

Many BIOSes have built in backdoor passwords to use to bypass a BIOS password which has been lost. This is, of course, an unacceptable way of handling this. No machine should have a backdoor password; this is a massive security hole. Instead, the machine should have a hardware jumper or dip switch located in a secure location that is not accessible when the case is locked. For desktops, the switch can be located on the motherboard and a locking case screw will prevent access. For notebooks, there switch should not be inside a compartment which can not be opened when the security cable slot is engaged.


Much of this information was posted on the bugtraq mailing list.

This file is maintained by Mark Whitis (whitis@freelabs.com).