[SOLVED] 2 questions about passwords...

Status
Not open for further replies.

miha2

Distinguished
Aug 14, 2009
533
1
18,995
Hi, I have a couple of questions about passwords, not related to each other. I'm just curious, that's all. Not like I want to do it to protect my computer the "best way possible" or anything else... Just curious, that's all.

So, let's start.

1. Is there a way to keep the BIOS password even when clearing the CMOS and/or removing the battery? Like, in order to reset the password (in case you forget it) you need to complete several steps, such as unplug the GPU, turn the computer on and then right off, one of the memory sticks, turn the computer on and off, some USB cable from the motherboard, turn the computer on and off, and when all is done, when the USB cable had been reconnected and computer turned on, now you can reset the BIOS password (well, UEFI password, but w/e)

2. I heard that when you're being robbed by the ATM, you can enter the PIN in reverse and the ATM will spit out the money partially, so that they could grab the money, but not remove the money from the machine. Is there a way to do.... something like this in Windows? Like, make a "bad" password that if somebody wants to access my computer without me being around, they couldn't do it. That password would lock the computer for, say, 1 hour, for example.

Once again, I have no big plans to do any of this, honestly. I just want to know if it's possible, not necessarily how to do it...

P.S. Also, I sort of understand that I may need to modify the UEFI code to achieve the first, but really, I don't think the BIOS password can be saved that easily...
 
Last edited:
Solution
Nobody is after my data, and we all are being watched by government agents, some are more, some are less... What I mean is that is it possible to implement this sort of a scenario in an enterprise world, like, say, if hackers ever do find anything about password-wise, like say, by running the rainbow whatever that is, they'd see the "bad" password (at least, make it so that it would be the first password they'd see, or the first password that would work) and type it and the storage on the server gets encrypted and they can't see anything. Like, yeah, the entire org can't see anything, but... the data is saved, and the admin will need to decrypt it and that, in turn, shouldn't be a problem... It will take some time, but... how many...
About the 2nd, I wrote it a bit easier... Instead, I was planning to say something like if they enter the wrong password, they can sign in, but the bad password would trigger, say, VeraCrypt, in silent mode, that would start encrypting the entire hard drive, and once it's done it would trigger another command that would restart the computer, and then the user cannot do anything. I just simplified the process a bit...
 
About the 2nd, I wrote it a bit easier... Instead, I was planning to say something like if they enter the wrong password, they can sign in, but the bad password would trigger, say, VeraCrypt, in silent mode, that would start encrypting the entire hard drive, and once it's done it would trigger another command that would restart the computer, and then the user cannot do anything. I just simplified the process a bit...
I dont see any point in doing this.
If they enter the wrong password they cant get into the system anyway, so whats the point in tricking them into thinking they did then immediately booting them out and going back to square one, not having the password.
In both cases they do not have access.
 
so, you've got government agents or other international spies and assassins after your drives? lol

who's after your data?
 
so, you've got government agents or other international spies and assassins after your drives? lol

who's after your data?
Nobody is after my data, and we all are being watched by government agents, some are more, some are less... What I mean is that is it possible to implement this sort of a scenario in an enterprise world, like, say, if hackers ever do find anything about password-wise, like say, by running the rainbow whatever that is, they'd see the "bad" password (at least, make it so that it would be the first password they'd see, or the first password that would work) and type it and the storage on the server gets encrypted and they can't see anything. Like, yeah, the entire org can't see anything, but... the data is saved, and the admin will need to decrypt it and that, in turn, shouldn't be a problem... It will take some time, but... how many computers are being stolen every day? and if such computer has any important data... the entire org is screwed, pretty much. That's all I mean, and no, I'm not a sysadmin or anything like that. Just curious, that's all.
 
Nobody is after my data, and we all are being watched by government agents, some are more, some are less... What I mean is that is it possible to implement this sort of a scenario in an enterprise world, like, say, if hackers ever do find anything about password-wise, like say, by running the rainbow whatever that is, they'd see the "bad" password (at least, make it so that it would be the first password they'd see, or the first password that would work) and type it and the storage on the server gets encrypted and they can't see anything. Like, yeah, the entire org can't see anything, but... the data is saved, and the admin will need to decrypt it and that, in turn, shouldn't be a problem... It will take some time, but... how many computers are being stolen every day? and if such computer has any important data... the entire org is screwed, pretty much. That's all I mean, and no, I'm not a sysadmin or anything like that. Just curious, that's all.
Your system would just cause massive problems in that scenario.
Hacker man to his buddies: "hey guys if I put in this password it encrypts the whole system so nobody can access it"
Buddies: "Thats hilarious, set up a script so it continuously enters the wrong password so now its perma-encrypted"

Now some poor admin, as you would have it set up, is having all their client users locked out every time they re-enter that password.

The way around this?
Have the drives encrypted to being with. Any user requiring access has a physical form of encryption key.
Congrats, no outside access.
 
Solution
Status
Not open for further replies.