System firmware UEFI Admin Password

I am thinking about setting an Admin password for the UEFI firmware settings.
Is this really required?

BitLocker full drive encryption is enabled.


I have Secure Boot enabled, but what if my laptop gets stolen and someone can change the UEFI settings?


.So can I create the UEFI Admin password to be the same as my OS Admin password?
Would this pose an issue? My passwords are very complex.

Its very surprising to me that in most of security related forums out there, setting a UEFI Admin password is off the radar and not talked about so much...

Forgot to mention that I am the only one using my laptop and nobody else.

So will it be fine not to set an Admin UEFI password?

There's no real benefit of a UEFI admin password, which just prevents people from modifying your UEFI settings, if you are concerned about physical theft.

Secure Boot protects against attackers from modifying your OS boot files and surreptitiously installing malware or disabling OS protections. It's not even required for BitLocker, which uses a separate mechanism to validate the bootloader.

If someone steals your laptop then BitLocker (preferably with a PIN) is sufficient to protect your data.

Proper assessment of your security requirements is necessary before implementing a security solution. Always remember that there is a trade-off between the security you apply and the ease of use of your system.

win10freak said:

Forgot to mention that I am the only one using my laptop and nobody else.

So will it be fine not to set an Admin UEFI password?

If you believe that no one has any reason to access your laptop when you are not around it, then, there is no need for one.