Basic input/output system (BIOS)/Unified Extensible Firmware Interface (UEFI) passwords

2.7 Given a scenario, apply workstation security options and hardening techniques.

📘CompTIA A+ Core 2 (220-1202)

1. What is BIOS and UEFI?

Before understanding passwords, you must understand what BIOS and UEFI are.

  • BIOS (Basic Input/Output System) is firmware stored on the motherboard.
  • UEFI (Unified Extensible Firmware Interface) is the modern replacement for BIOS.
  • They start before the operating system (Windows, Linux, etc.).
  • They initialize hardware and decide how the system boots.

If someone can access BIOS/UEFI, they can change boot order, disable security features, or bypass the operating system.

Because of this, BIOS/UEFI passwords are a critical security control.

2. Why BIOS/UEFI Passwords Are Important (Exam Focus)

BIOS/UEFI passwords help prevent:

  • Unauthorized changes to system settings
  • Booting from USB or external drives
  • Bypassing OS-level security
  • Installing malicious software before the OS loads
  • Physical access attacks

In CompTIA A+, BIOS/UEFI passwords are considered:

  • A firmware-level security control
  • A workstation hardening technique
  • A protection used before the OS starts

3. Types of BIOS/UEFI Passwords (Very Important for Exam)

There are two main BIOS/UEFI passwords you must know for the exam:

A. Administrator Password (Setup Password)

What it does:

  • Protects access to BIOS/UEFI configuration settings
  • Required to change system settings

What it prevents:

  • Changing boot order
  • Disabling Secure Boot
  • Enabling or disabling virtualization
  • Changing hardware or security options

Key exam points:

  • The system can still boot without this password
  • Only blocks configuration access
  • Also called:
    • Setup password
    • Supervisor password

B. User Password (Power-On Password)

What it does:

  • Required every time the system starts
  • Prevents the system from booting without the password

What it prevents:

  • Unauthorized users from starting the computer
  • Access to the operating system

Key exam points:

  • System will not boot without the password
  • Adds strong protection against physical access
  • Works before the operating system loads

4. BIOS vs UEFI Password Behavior

FeatureBIOSUEFI
Password supportYesYes
Administrator passwordYesYes
User (boot) passwordYesYes
Secure Boot supportNoYes
Modern security integrationLimitedStrong

From an exam perspective, BIOS and UEFI passwords serve the same purpose, but UEFI is more secure and modern.

5. How BIOS/UEFI Passwords Improve Security (Hardening)

BIOS/UEFI passwords are part of workstation hardening because they:

  • Lock down firmware settings
  • Prevent unauthorized boot changes
  • Stop attackers from loading external tools
  • Protect systems in shared environments
  • Work even if the OS password is removed

This is especially important for:

  • Office desktops
  • Reception systems
  • Public-facing workstations
  • Shared lab computers

6. BIOS/UEFI Passwords vs Operating System Passwords

BIOS/UEFI PasswordOS Password
Firmware-levelSoftware-level
Works before OS loadsWorks after OS loads
Protects boot processProtects user account
Harder to bypassEasier to reset

Exam tip: BIOS/UEFI passwords protect the system before Windows starts.

7. Best Practices for BIOS/UEFI Passwords (Exam Relevant)

For CompTIA A+, remember these best practices:

  • Always set an Administrator (Setup) password
  • Set a User (Boot) password for sensitive systems
  • Use strong, unique passwords
  • Restrict BIOS access to authorized personnel only
  • Combine with other security features (Secure Boot, TPM)

8. What Happens If a BIOS/UEFI Password Is Forgotten? (Exam Awareness)

This is not a how-to, but you must understand the concept:

  • BIOS/UEFI passwords are not easy to reset
  • Often require:
    • Manufacturer support
    • Physical access
    • Motherboard-level procedures

This reinforces why BIOS passwords are considered strong physical security controls.

9. Relationship with Other Security Features (UEFI)

BIOS/UEFI passwords often work together with:

  • Secure Boot – prevents unauthorized OS loaders
  • TPM (Trusted Platform Module) – protects encryption keys
  • Full Disk Encryption – protects data at rest

For the exam, understand that BIOS/UEFI passwords are foundational and support other security technologies.

10. Exam Keywords You Must Remember

CompTIA A+ exam loves keywords. Remember these:

  • Firmware security
  • Pre-boot authentication
  • Administrator (Setup) password
  • User (Power-On) password
  • Prevent unauthorized configuration changes
  • Workstation hardening
  • Physical security control

11. Quick Exam Summary (High-Value Review)

  • BIOS/UEFI passwords protect systems before the OS loads
  • Two main types:
    • Administrator password → protects settings
    • User password → prevents booting
  • UEFI is newer and more secure than BIOS
  • Used to prevent unauthorized access and boot manipulation
  • Part of workstation security and hardening (Objective 2.7)
Buy Me a Coffee

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by