Windows 10: System firmware UEFI Admin Password

  1.    01 May 2018 #1

    System firmware UEFI Admin Password


    I am thinking about setting an Admin password for the UEFI firmware settings.
    Is this really required?

    BitLocker full drive encryption is enabled.


    I have Secure Boot enabled, but what if my laptop gets stolen and someone can change the UEFI settings?


    .So can I create the UEFI Admin password to be the same as my OS Admin password?
    Would this pose an issue? My passwords are very complex.

    Its very surprising to me that in most of security related forums out there, setting a UEFI Admin password is off the radar and not talked about so much...
      My ComputerSystem Spec

  2.    01 May 2018 #2

    win10freak said: View Post
    I am thinking about setting an Admin password for the UEFI firmware settings.
    Is this really required?

    BitLocker full drive encryption is enabled.


    I have Secure Boot enabled, but what if my laptop gets stolen and someone can change the UEFI settings?


    .So can I create the UEFI Admin password to be the same as my OS Admin password?
    Would this pose an issue? My passwords are very complex.

    Its very surprising to me that in most of security related forums out there, setting a UEFI Admin password is off the radar and not talked about so much...
    Problem is if you set a password and forget it, you are screwed and may have to resort to elaborate physical methods to reset bios.

    There is no real need to use a bios password unless you want to prevent users with PHYSICAL access to pc to change anything.

    Remote users/hackers cannot modify the bios.

    I guess it helps if laptop is stolen but even then most thieves would wipe drives anyway. You should not keep confidential details on a laptop if risk of theft is high where you take it.
      My ComputerSystem Spec

  3.    01 May 2018 #3

    Forgot to mention that I am the only one using my laptop and nobody else.

    So will it be fine not to set an Admin UEFI password?
      My ComputerSystem Spec

  4.    01 May 2018 #4

    There's no real benefit of a UEFI admin password, which just prevents people from modifying your UEFI settings, if you are concerned about physical theft.

    Secure Boot protects against attackers from modifying your OS boot files and surreptitiously installing malware or disabling OS protections. It's not even required for BitLocker, which uses a separate mechanism to validate the bootloader.

    If someone steals your laptop then BitLocker (preferably with a PIN) is sufficient to protect your data.
      My ComputerSystem Spec

  5.    01 May 2018 #5

    Proper assessment of your security requirements is necessary before implementing a security solution. Always remember that there is a trade-off between the security you apply and the ease of use of your system.
      My ComputerSystem Spec

  6.    01 May 2018 #6

    win10freak said: View Post
    Forgot to mention that I am the only one using my laptop and nobody else.

    So will it be fine not to set an Admin UEFI password?
    If you believe that no one has any reason to access your laptop when you are not around it, then, there is no need for one.
      My ComputerSystem Spec


 

Related Threads
Sometime in the fall I started getting Windows 10 update errors trying to install 1607 (the anniversary update I believe). After trying different fixes I just ignored it for a while hoping windows would come up with a fix. 6 months later and I'd...
Hey guys, So Im trying to install a new graphics card, and I have to tweak some settings in the bios. Unfortunately, when I try to open it(pressing escape at startup, scrolling down, and selecting uefi settings and pressing enter) nothing happens....
Hi Yet again, Windows is frustratingly taking up all of my time and I have tried everything google has to offer to try and fix it but it seems like no one has screwed up as much as I have on whatever forum. Let me explain the problem: I'm...
The firm in which I work has a Lenovo PC with Windows 10 installed. There are two user profiles on the computer, the admin and another normal account without administration rights. We have only the password of the account without administrator...
UEFI firmware settings screen in Drivers and Hardware
I upgraded to Windows 10 from Windows 7 (32Bit), Since, I have lost access to my DVD drive. The Device Manager shows: 45463 The drive has always been connected and worked fine with Windows 7; the hardware has never been altered or messed...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 21:11.
Find Us