Subject: Any point to password protecting the bios if only 3 people in the household, and 2 know nothing about bioses?

Any point to password protecting the bios if only 3 people in the
household, and 2 know nothing about bioses?

I just finished a 40 minute phone call iwth a 37 yo friend, the son of
friends, who is locked in the mental ward of a nearby hospital and who
has such problems for at least 18 years,. And his words were indeed
full of craziness, but i need to show that I take his wishes seriously,
even if I don't actually fulfill them.

But I need advice:

Is there any point to password protecting the BIOS on a windows machine
if you live only with your parents who love you (although he's having
doubts abou that now), and who also wouldn't know how to modify the BIOS
either to break it or to fix it even if they tried. IOW, who know
nothing about the BIOS.

I see why he password protected windows, for privacy, but it seems to me
he's just looking for trouble with the BIOS, in that he may forget his
own password. Woudn't that be a big problem? Well, I guess maybe even
that woudln't matter because if it's currently set correctly now, the
computer will continue to work, even if some change is later
recommended, right?

He told me the passwords and I wrote them down. Is it still likely I can
easily remove the BIOS password now, so it doesn't cause problems in the
future (this assumes I will at some point touch his computer, which is
not very likely, but again, I want him to know I take him seriously
(when it's possible, and here it seems possible).)


--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Any point to password protecting the bios if only 3 people in the household, and 2 know nothing about bioses?

On Mon, 1/19/2026 9:44 PM, micky wrote:

Any point to password protecting the bios if only 3 people in the
household, and 2 know nothing about bioses?

I just finished a 40 minute phone call iwth a 37 yo friend, the son of friends, who is locked in the mental ward of a nearby hospital and who
has such problems for at least 18 years,. And his words were indeed
full of craziness, but i need to show that I take his wishes seriously,
even if I don't actually fulfill them.

But I need advice:

Is there any point to password protecting the BIOS on a windows machine
if you live only with your parents who love you (although he's having
doubts abou that now), and who also wouldn't know how to modify the BIOS either to break it or to fix it even if they tried. IOW, who know
nothing about the BIOS.

I see why he password protected windows, for privacy, but it seems to me
he's just looking for trouble with the BIOS, in that he may forget his
own password. Woudn't that be a big problem? Well, I guess maybe even
that woudln't matter because if it's currently set correctly now, the computer will continue to work, even if some change is later
recommended, right?

He told me the passwords and I wrote them down. Is it still likely I can easily remove the BIOS password now, so it doesn't cause problems in the future (this assumes I will at some point touch his computer, which is
not very likely, but again, I want him to know I take him seriously
(when it's possible, and here it seems possible).)

Consumer-class and Business-class computers have different issues, with
regard to security. Unfortunately, refurbished computers are from businesses, and this is the wrong kind of computer to be exposed to "the public".
There is a chain of security features in there. If you don't use a security feature, someone else can set it behind your back.

As an example, if I was a mean person, I could take advantage of the
lack of BIOS passwords, by reaching in and resetting the TPM. Which may
have some consequences for Bitlocker protection of partitions
on the disk. Even W10Home can encrypt a disk, using FDE in the disk hardware
to do it. A recovery stick must be kept with the key on it, so a Bitlocker protected device, can be decrypted. And if the recovery device was never prepared, there may be some extra nuisance to acquire the key from the Microsoft account (MSA). Not everyone has an MSA.

Other than keeping relatives out of the machine, what other properties
must the device have ? It there are no Bitcoin Wallets on the drive,
and it is a gamer machine with only game installs, who cares if it
locks out someone ?

But generally, switching to a consumer laptop, with the weaker consumer protections, that slightly nullifies some of the challenges an owner can face.

Paul

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Any point to password protecting the bios if only 3 people in the household, and 2 know nothing about bioses?

micky <NONONOmisc07@fmguy.com> wrote:

Any point to password protecting the bios if only 3 people in the
household, and 2 know nothing about bioses?

I've never done this for decades and several computers. I'd say there's no point.


--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Any point to password protecting the bios if only 3 people in the household, and 2 know nothing about bioses?

On Tue, 20 Jan 2026 19:57:44 +1100, Daniel70
<daniel47@nomail.afraid.org> wrote:

However, if you were wanting to protect your Data from so burglar ....
then maybe!! (if you are a pessimist!!)

When a house near me was burgled a few years ago they weren't
interested in consumer electronics, only jewellery. Which suggests
that they knew there was jewellery present but that's another story.
(I have a NAS in my hall, and suspect that in the event of burglary it
would be ignored. (There are others backing it up elsehere in the
house that are not so obvious.))

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Any point to password protecting the bios if only 3 people in the household, and 2 know nothing about bioses?

On 20/01/2026 08:57, Daniel70 wrote:

On 20/01/2026 1:44 pm, micky wrote:

Any point to password protecting the bios if only 3 people in the
household, and 2 know nothing about bioses?

So one person is protecting their computer from themselves. Not much use!

Since when did thieves and burglars lose interest in computers?

--
Brian Gregory (in England).

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Any point to password protecting the bios if only 3 people in the household, and 2 know nothing about bioses?

On 20/01/2026 18:20, Maria Sophia wrote:

Brian Gregory wrote:

On 20/01/2026 08:57, Daniel70 wrote:

On 20/01/2026 1:44 pm, micky wrote:

Any point to password protecting the bios if only 3 people in the
household, and 2 know nothing about bioses?

So one person is protecting their computer from themselves. Not much
use!

Since when did thieves and burglars lose interest in computers?

Unless you're Jeffrey Epstein, they likely want the hardware, not the data.

Duh! We're dealing entirely with unlikely situations here. My laptop
isn't stolen regularly, say about once every year.

Stolen laptops, from domestic homes are likely to be quickly sold for
drug money in some back alley to someone who will then have a long time
to go through their contents and work out how to use anything
interesting they find.

--
Brian Gregory (in England).

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Any point to password protecting the bios if only 3 people in the household, and 2 know nothing about bioses?

On 1/20/2026 11:20 AM, Maria Sophia wrote:

Brian Gregory wrote:

Since when did thieves and burglars lose interest in computers?

Unless you're Jeffrey Epstein, they likely want the hardware, not the
data.

True. But even then the reason for having a device lock is to make
wiping it easier than the perp (or new owner) browsing your data and
then wiping it...

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Any point to password protecting the bios if only 3 people in the household, and 2 know nothing about bioses?

In alt.comp.os.windows-11, on Tue, 20 Jan 2026 17:15:18 +0000, Peter
Johnson <peter@parksidewood.nospam> wrote:

On Tue, 20 Jan 2026 19:57:44 +1100, Daniel70
<daniel47@nomail.afraid.org> wrote:

However, if you were wanting to protect your Data from so burglar .... >>then maybe!! (if you are a pessimist!!)

When a house near me was burgled a few years ago they weren't
interested in consumer electronics, only jewellery. Which suggests
that they knew there was jewellery present but that's another story.
(I have a NAS in my hall, and suspect that in the event of burglary it
would be ignored. (There are others backing it up elsehere in the
house that are not so obvious.))

I don't know what a NAS looks like, but if it looks like a laptop and
it's not too heavy, meaning not too old, a burglar would likely want it.
If a NAS doesn't look like a laptop, who would he sell it to?

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Any point to password protecting the bios if only 3 people in the household, and 2 know nothing about bioses?

In alt.comp.os.windows-11, on Tue, 20 Jan 2026 19:57:44 +1100, Daniel70 <daniel47@nomail.afraid.org> wrote:

On 20/01/2026 1:44 pm, micky wrote:

Any point to password protecting the bios if only 3 people in the
household, and 2 know nothing about bioses?

So one person is protecting their computer from themselves. Not much use!

However, if you were wanting to protect your Data from so burglar ....
then maybe!! (if you are a pessimist!!)

If you were wanting to protect your data from someone who is
semi-computer literate, then Password Protecting might be useful ....
but then, all your burglar would need would be a USB drive with Linux >installed on it.

Thanks, all of you. I can use this information to look respectful when I
talk to him. His parents and I are visiting him in the mental ward today
at 5. He probably wants me to use it to send money to scammers, whom
he trusts for some reason, even though he knows there are liars in the
world. he's a fine person, but his mind doesn't work right.

I just finished a 40 minute phone call iwth a 37 yo friend, the son of
friends, who is locked in the mental ward of a nearby hospital and who
has such problems for at least 18 years,. And his words were indeed
full of craziness, but i need to show that I take his wishes seriously,
even if I don't actually fulfill them.

But I need advice:

Is there any point to password protecting the BIOS on a windows machine
if you live only with your parents who love you (although he's having
doubts abou that now), and who also wouldn't know how to modify the BIOS
either to break it or to fix it even if they tried. IOW, who know
nothing about the BIOS.

I see why he password protected windows, for privacy, but it seems to me
he's just looking for trouble with the BIOS, in that he may forget his
own password. Woudn't that be a big problem? Well, I guess maybe even
that woudln't matter because if it's currently set correctly now, the
computer will continue to work, even if some change is later
recommended, right?

He told me the passwords and I wrote them down. Is it still likely I can
easily remove the BIOS password now, so it doesn't cause problems in the
future (this assumes I will at some point touch his computer, which is
not very likely, but again, I want him to know I take him seriously
(when it's possible, and here it seems possible).)

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Any point to password protecting the bios if only 3 people in the household, and 2 know nothing about bioses?

On 1/20/2026 1:39 PM, Maria Sophia wrote:

AJL wrote:

Unless you're Jeffrey Epstein, they likely want the hardware, not
the data.

True. But even then the reason for having a device lock is to make
wiping it easier than the perp (or new owner) browsing your data
and then wiping it...

Well, I don't disagree that adding a pin/password/biometric or other marketing gimmick is necessary for people "who live in the slums".

In my last life I took 1000s of burglary reports. The better parts of
town were definitely not spared. Not even those living on the mountain
sides in their million dollar homes.

But I'm not afraid of my wife. I'm not afraid of my family. I'm not
afraid of my friends. I'm not afraid of my neighbors.

Me neither. If you're burglarized the perps will likely not be from
your neighborhood.

The amount of times anyone is burglarized is so minuscule

But I'll bet you have homeowners insurance that covers it.

it's something that has to be weighed against the inconvenience of
all this 'security'.

The insurance of a pin/print is not a great inconvenience IMO. YMMV as always...

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Any point to password protecting the bios if only 3 people in the household, and 2 know nothing about bioses?

Peter Johnson <peter@parksidewood.nospam> wrote:

On Tue, 20 Jan 2026 19:57:44 +1100, Daniel70
<daniel47@nomail.afraid.org> wrote:

However, if you were wanting to protect your Data from so burglar ....
then maybe!! (if you are a pessimist!!)

When a house near me was burgled a few years ago they weren't
interested in consumer electronics, only jewellery.

Computers and the like are bulky and difficult to carry. Money and
jewellery are easy to pocket.

Which suggests
that they knew there was jewellery present but that's another story.

What house in any decent area doesn't have jewellery?

(I have a NAS in my hall, and suspect that in the event of burglary it
would be ignored. (There are others backing it up elsehere in the
house that are not so obvious.))

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Any point to password protecting the bios if only 3 people in the household, and 2 know nothing about bioses?

AJL <noemail@none.com> wrote:

On 1/20/2026 1:39 PM, Maria Sophia wrote:

AJL wrote:

Unless you're Jeffrey Epstein, they likely want the hardware, not
the data.

True. But even then the reason for having a device lock is to make
wiping it easier than the perp (or new owner) browsing your data
and then wiping it...

Well, I don't disagree that adding a pin/password/biometric or other marketing gimmick is necessary for people "who live in the slums".

In my last life I took 1000s of burglary reports. The better parts of
town were definitely not spared. Not even those living on the mountain
sides in their million dollar homes.

Please don't spoil his rant with facts from the real world.

But I'm not afraid of my wife. I'm not afraid of my family. I'm not
afraid of my friends. I'm not afraid of my neighbors.

Me neither. If you're burglarized the perps will likely not be from
your neighborhood.

The amount of times anyone is burglarized is so minuscule

But I'll bet you have homeowners insurance that covers it.

Ouch!

it's something that has to be weighed against the inconvenience of
all this 'security'.

The insurance of a pin/print is not a great inconvenience IMO. YMMV as always...

It's quite hilarious that someone who is so paranoid about his
'privacy' on Usenet, is so flippant about the risk of burglary/theft and
the real and possibly quite severe *privacy* consequences.

And, as you say, when properly set up, there hardly is any
'inconvenience' involved.

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Any point to password protecting the bios if only 3 people in the household, and 2 know nothing about bioses?

On 01/21/2026 5:05 AM, Daniel70 wrote:

When a house near me was burgled a few years ago they weren't

Most people use the OS security for their computers. However As I
understand the drives are completely readable as a second drive in a
different computer or in a USB enclosure

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Any point to password protecting the bios if only 3 people in the household, and 2 know nothing about bioses?

On 20/01/2026 20:43, Maria Sophia wrote:

Brian Gregory wrote:

Unless you're Jeffrey Epstein, they likely want the hardware, not the
data.

Duh! We're dealing entirely with unlikely situations here. My laptop
isn't stolen regularly, say about once every year.

Stolen laptops, from domestic homes are likely to be quickly sold for
drug money in some back alley to someone who will then have a long
time to go through their contents and work out how to use anything
interesting they find.

I'm making a philosophical point, which is who needs marketing gimmicks?

I've never been 'burgled' but if I was, my passwords are in KeepassXC, and
my financial data is in veracrypt containers, so all they get are my pics.

Which is the key point, really...
We don't *need* silly marketing security (e.g., biometric gimmicks) for a home computer as long as we don't live in the slums... :)

You don't need to leave the blank checks in you checkbook (did I spell
it the correct way for you US types?) unsigned. But I bet you do.

If we live in the slums, then by all means, we need those silly marketing gimmicks, and, unfortunately, on iOS devices, the gimmicks are required.

Unlike in the USA, there don't seem to be many slums left in my country.

I have pictures of the children of relatives. They would be unhappy if I
said some random thief had these pictures and I totally understand why,
when you hear what paedophiles have been known to use them for, or even
just what Grok lets you do with them.

--
Brian Gregory (in England).

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Any point to password protecting the bios if only 3 people in the household, and 2 know nothing about bioses?

On 1/21/2026 2:03 AM, Daniel70 wrote:

It intrigues me when I see someone who has to enter a Password on
their Mobile Phone before they can use it.

It takes three screen touches to unlock and enter my phone. Two screen
taps to wake it and a fingerprint to unlock it. Maybe 2 seconds? And my
phone is 6 years old. I think that on some modern phones all you have to
do is look at them.

WHY?? As long as YOU don't lose your mobile phone, WHY do you need to
secure it??

Because shit happens...

(I don't do Banking/Credit Card on my mobile phone so what would I
lose if I lost it?? Photos!!)

YMMV. For us billions of Google product users there are unlocked
sensitive Google apps inside.



--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Any point to password protecting the bios if only 3 people in the household, and 2 know nothing about bioses?

On 1/21/2026 1:07 AM, Chris wrote:

Computers and the like are bulky and difficult to carry.

True story: My across the street neighbor lost all her electronics plus
other bulky items. How? Her car was broken into at work and the garage
door opener was taken. Her address was obtained from her car
registration which in my state is required to be in the car. They drove
to her address, opened the garage door, parked inside, and lowered the
door. Then they took their time loading the car knowing she was at work.
I'll admit a bit unusual but definitely clever...


--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Any point to password protecting the bios if only 3 people in the household, and 2 know nothing about bioses?

Maria Sophia <mariasophia@comprehension.com> wrote:

Frank Slootweg wrote:

Please don't spoil his rant with facts from the real world.

'Convenient', dishonest, silent snip of rest of text/arguments duly
noted.

Please do not describe an intelligent technical description of how to properly set up a computer or phone as a "rant", Frank.

There was no "intelligent technical description". There was only a
rant and AJL's response. So I called a spade a spade.

Just stop it with your incessant personal-attack childishness.

As all others who emit the personal-attack fallacy, the "childishness"
is all yours.

It's always you who throws the first punch, Frank.

I don't think I was the one throwing slurs about "slums", so remember,
if I 'throw a punch', it's always *after* *your* first.

But I'm not responding to your never-ending personal attacks, Frank.
I'm just asking you politely and publicly to cut it out.

You obviously *are* responding, like you do every time, because you
can't handle being talked back at.

Stick to the technical topic, Frank.
If you have nothing technical to say, Frank, then please refrain from personal attacks simply because you can't address the technical issues.

There wasn't one, only your slurs.

You don't have to agree that people who have good privacy practices have no need for silly biometric gimmicks, but you should at least attempt to understand the value of encrypted containers (e.g., Veracrypt) and
encrypted databases (e.g., KeepassDX).

Well, 'silly gimmicks' like encryption are unneeded if you use PIN or biometrics, etc.. (And understand how Android phones *actually* work.)

But anything you don't use (read: understand) is wrong, isn't it?

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Any point to password protecting the bios if only 3 people in the household, and 2 know nothing about bioses?

Maria Sophia <mariasophia@comprehension.com> wrote:
[...]

Frank,

I'm asking you again, politely, to please stop it with your never-ending endlessly incessant needless personal attacks. Just cut it out, Frank.

A famous Usenet poster once said "Proving you wrong is not an attack."
and that still stands.

If you can't address the issue of how to set up a device with privacy, then don't incessantly attack people who suggest technical solutions such as:
1. Encrypted containers
<https://veracrypt.io/en/Home.html>
2. Encrypted password databases
<https://www.keepassdx.com/>

As I said, and you failed to comment on, for a smartphone (i.e. the
context of Daniel's post and your response to that) [1], encryption is
unneeded if you use a screen-lock and such a screen-lock is *less*
hassle than your encryption methods.

So, *if* you *really* want to discuss the technical aspects, then *do*
so, but don't silently dismiss counter-arguments and continue your foot-stamping.

In addition, since I understand why marketing wants us to fall for silly biometric gimmicks,

It's not marketing, it's solid and proven technology, which you
apparently don't use, nor understand.

I also recommend that people NOT log into motherships,
but I'm well aware that most people aren't even aware that's possible.

There *is no* "mothership". Your foot-stamping about this is as boring
as unfounded. As another famous Usenet poster has explained umpteen
times, *your* *much more* private data is already on umpteen
"motherships" *with* your (implicit) approval.

FYI, a small bit of my not-very personal data is on *one* 'mothership'
and has never led to any ill effect. But then I go by facts, experience,
etc., not paranois.

To help others understand that it's not only possible, but easy to do,
I wrote a technical report recently on how to use Windows 11 without the mothership login (which is a technical whack-a-mole that keeps changing).
Newsgroups: alt.comp.os.windows-11,alt.comp.hardware.pc-homebuilt,alt.comp.microsoft.windows
Subject: PSA: I can happily report that my first Win11 Home installed sans a MSA
Date: Mon, 12 Jan 2026 15:24:16 -0500
Message-ID: <10k3l9g$2ug$1@nnrp.usenet.blueworldhosting.com>

Wow! A "technical report" no less! I must study that one day on our
MSA-less systems. Silly me for doing the few minutes of work, three and
a half years ago and again last September, when I could just have waited
a few years/months for your 'technical report'!

[1] Yes, your hatred for anything Apple again made you lose track from
the actual scope of the thread/group.

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Any point to password protecting the bios if only 3 people in the household, and 2 know nothing about bioses?

AJL <noemail@none.com> wrote:

On 1/21/2026 1:07 AM, Chris wrote:

Computers and the like are bulky and difficult to carry.

True story: My across the street neighbor lost all her electronics plus
other bulky items. How? Her car was broken into at work and the garage
door opener was taken. Her address was obtained from her car
registration which in my state is required to be in the car. They drove
to her address, opened the garage door, parked inside, and lowered the
door. Then they took their time loading the car knowing she was at work.
I'll admit a bit unusual but definitely clever...

Wow. Jackpot day for them.


--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Any point to password protecting the bios if only 3 people in the household, and 2 know nothing about bioses?

On Wed, 21 Jan 2026 20:10:11 +0000, Andy Burns wrote:

Daniel70 wrote:

Chris wrote:

What house in any decent area doesn't have jewellery?

Mine .... but then, I don't have a Misses, either! ;-P

A nice watch?

My watches aren't jewelry. They're for telling time.

--
"Imagine there's no heaven. It's easy if you try. No hell below us,
Above us, only sky..." [John Lennon, "Imagine"]

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Any point to password protecting the bios if only 3 people in the household, and 2 know nothing about bioses?

On Wed, 21 Jan 2026 09:18:58 -0700, AJL wrote:

On 1/21/2026 1:07 AM, Chris wrote:

Computers and the like are bulky and difficult to carry.

True story: My across the street neighbor lost all her electronics plus
other bulky items. How? Her car was broken into at work and the garage
door opener was taken. Her address was obtained from her car
registration which in my state is required to be in the car. They drove
to her address, opened the garage door, parked inside, and lowered the
door. Then they took their time loading the car knowing she was at work.
I'll admit a bit unusual but definitely clever...

For that reason, it's important to lock the door into your house from the garage.

--
Mark Lloyd
http://notstupid.us/

Religious reasons do not excuse violence: they accuse religion.

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Any point to password protecting the bios if only 3 people in the household, and 2 know nothing about bioses?

On 1/21/2026 2:05 PM, Mark Lloyd wrote:

On Wed, 21 Jan 2026 09:18:58 -0700, AJL wrote:

On 1/21/2026 1:07 AM, Chris wrote:

Computers and the like are bulky and difficult to carry.

True story: My across the street neighbor lost all her electronics
plus other bulky items. How? Her car was broken into at work and
the garage door opener was taken. Her address was obtained from
her car registration which in my state is required to be in the
car. They drove to her address, opened the garage door, parked
inside, and lowered the door. Then they took their time loading the
car knowing she was at work. I'll admit a bit unusual but
definitely clever...

For that reason, it's important to lock the door into your house
from the garage.

Likely wouldn't have done much good. With the main door rolled down the
perps could just have forced the inside door since they wouldn't be seen
and then there would have been the additional damage.

After this incident I started hiding my garage door opener so it
couldn't be seen from outside the car. Now my cars both have built-in
openers so problem solved. Well maybe, unless they steal the car and
head for my house... 8-O


--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Any point to password protecting the bios if only 3 people in the household, and 2 know nothing about bioses?

On Wed, 1/21/2026 5:38 PM, George wrote:

On 21/01/2026 08:07, Chris wrote:

What house in any decent area doesn't have jewellery?

My house; but I don't live in a particularly nice area. In fact, I don't even own a house. A few years ago, I had a very serious accident that left me housebound. I lost my good job at a bank in London due to my situation, and my wife left me and took ownership of the house because the court decided that she had to look after the children as I was not physically able to do so.

Due to my physical state, I can't get a job now, so all I can do is depend on my local council to provide me with accommodation. I am lucky to have community fibre in my area, which provides me with free basic internet.

Not everyone can be bothered with jewelry, whether affluent or not.

And you can work from home. If you have a working voice and two
hands to type with, you can answer phones for a business at home.
The government tax assistance people, when you talk to them, you
can tell they are at home, and calls are forwarded to them, to be
handled. It's the same with some city employees, you can hear
household noises where they are.

Paul



--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Any point to password protecting the bios if only 3 people in the household, and 2 know nothing about bioses?

Andy Burns wrote:

Daniel70 wrote:

Chris wrote:

What house in any decent area doesn't have jewellery?

Mine .... but then, I don't have a Misses, either! ;-P

A nice watch?

I suggest Apple iPhones count as costume jewellery ....

--
Graham J

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Any point to password protecting the bios if only 3 people in the household, and 2 know nothing about bioses?

Paul wrote:

[snip]

It's the same with some city employees, you can hear

household noises where they are.

By contrast, if you can hear "office" noises then it's a spammer calling
you ...


--
Graham J

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Any point to password protecting the bios if only 3 people in the household, and 2 know nothing about bioses?

Sam E <no.email@here.invalid> wrote:

On Wed, 21 Jan 2026 20:10:11 +0000, Andy Burns wrote:

Daniel70 wrote:

Chris wrote:

What house in any decent area doesn't have jewellery?

Mine .... but then, I don't have a Misses, either! ;-P

A nice watch?

My watches aren't jewelry. They're for telling time.

They can be both.


--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Any point to password protecting the bios if only 3 people in the household, and 2 know nothing about bioses?

On Thu, 1/22/2026 2:46 AM, Graham J wrote:

Paul wrote:

[snip]

ÿIt's the same with some city employees, you can hear

household noises where they are.

By contrast, if you can hear "office" noises then it's a spammer calling you ...

Indeed. The duct cleaners call from India, and you can hear the
babbling in the background.

I recognize that someone in council housing, is likely
caught in the same trap as individuals here, where you cannot
get ahead by working, unless you have a job with an enormous income.
Which just isn't going to happen.

As an example of the irony here, a woman who works for some
government department, helping low income people find
a place to stay, *herself* sleeps on someone elses couch...
because she cannot find a place to stay with a reasonable
rent. Her income is not high enough to pay for an apartment.

I didn't intend that response to sound like an answer,
because it isn't really.

But at least technically, there are jobs you can do from home.

Paul


--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Any point to password protecting the bios if only 3 people in the household, and 2 know nothing about bioses?

Maria Sophia <mariasophia@comprehension.com> wrote:

Frank Slootweg wrote:

[My comments, suggestions and arguments deleted.]

What is your recommendation for privacy on a computer, Frank?

Non-response to my arguments, etc. duly noted.

To answer your question: You probably mean measures to limit the
consequences of bad actors having physical access to your (Windows)
computer or stealing it, as that's the context of this thread. "privacy
on a computer" is *way* too wide/unspecific/ambiguous/<whatever>.

That said, my - rather obvious - recommendations are: A boot password, sign-in protection (password or/and other) and - if needed/practical -
Windows' FDE or similar.

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Any point to password protecting the bios if only 3 people in the household, and 2 know nothing about bioses?

On 21/01/2026 18:32, Maria Sophia wrote:

Brian Gregory wrote:

On 20/01/2026 20:43, Maria Sophia wrote:

Brian Gregory wrote:

Unless you're Jeffrey Epstein, they likely want the hardware, not
the data.

Duh! We're dealing entirely with unlikely situations here. My laptop
isn't stolen regularly, say about once every year.

Stolen laptops, from domestic homes are likely to be quickly sold
for drug money in some back alley to someone who will then have a
long time to go through their contents and work out how to use
anything interesting they find.

I'm making a philosophical point, which is who needs marketing gimmicks? >>>
I've never been 'burgled' but if I was, my passwords are in
KeepassXC, and
my financial data is in veracrypt containers, so all they get are my
pics.

Which is the key point, really...
We don't *need* silly marketing security (e.g., biometric gimmicks)
for a
home computer as long as we don't live in the slums... :)

You don't need to leave the blank checks in you checkbook (did I spell
it the correct way for you US types?) unsigned. But I bet you do.

If we live in the slums, then by all means, we need those silly
marketing
gimmicks, and, unfortunately, on iOS devices, the gimmicks are required.

Unlike in the USA, there don't seem to be many slums left in my country.

I have pictures of the children of relatives. They would be unhappy if
I said some random thief had these pictures and I totally understand
why, when you hear what paedophiles have been known to use them for,
or even just what Grok lets you do with them.

Hi Brian,
We can delve deeper into edge cases, but the main question was whether a
home user needs BIOS passwords on a Windows system. My view
is that BIOS passwords may not protect the data that actually matters.

Some important data on a typical Windows laptop that needs protection are passwords and financial or medical records which I focused upon, although pictures and anything else can be added into that category if you like.
Those are likely stored in encrypted containers if you use tools like Veracrypt and KeepassXC (although I'd have to check how to automate that
for photos). While that is partial encryption, not full disk encryption, my observation is that it may be enough for most home users because the sensitive material is isolated without having to enter a password (or biometric marketing gimmicks) constantly, every day of the year.

A BIOS password does not protect any of that (AFAIK). A thief can remove
the drive and read it. Biometrics do not protect it either. They only
unlock the Windows session. Once the drive is out of the laptop, the biometric layer is irrelevant (AFAIK).

So my practical Windows security model for a home environment is this:

1. Encrypt the small amount of data that actually matters, such as
passwords and financial records.
2. Keep that data in Veracrypt containers or a password manager.
3. Do not rely on BIOS passwords or biometrics to protect data on a
stolen device because they do not address that threat.

Biometric marketing gimmicks solve a convenience problem, not a data protection problem. If we have a real fear of the people around us, that is
a different threat model, but most home users do not need that level of control (IMHO) in terms of the frequency of passwords they enter.

But it's unrealistic to expect anyone but an expert to install and use Veracrypt containers, it's also largely unrealistic to expect them to
keep absolutely everything always in it's designated place, encrypted or unencrypted as appropriate.

I get that BIOS password doesn't add any real protection but why object
to it so much? It's another thing that any hacker will need to get
around before they can run any hacking tool on a PC.

I also do not see why you regard biometric security as a gimmick. It's
dirt cheap now (cost me œ12 to add a fingerprint reader to my desktop
PC) and works fairly well, and seems to err firmly towards rejecting
fingers that don't match exactly rather than accepting anything vaguely
like my finger. On cold days I even need to warm my finger before
there's any hope of it matching how it looked to the scanner on a hot day.

--
Brian Gregory (in England).

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Any point to password protecting the bios if only 3 people in the household, and 2 know nothing about bioses?

Brian Gregory <void-invalid-dead-dontuse@email.invalid> wrote:

On 21/01/2026 18:32, Maria Sophia wrote:

So my practical Windows security model for a home environment is this:

1. Encrypt the small amount of data that actually matters, such as
passwords and financial records.
2. Keep that data in Veracrypt containers or a password manager.
3. Do not rely on BIOS passwords or biometrics to protect data on a
stolen device because they do not address that threat.

Biometric marketing gimmicks solve a convenience problem, not a data
protection problem. If we have a real fear of the people around us, that is >> a different threat model, but most home users do not need that level of
control (IMHO) in terms of the frequency of passwords they enter.

But it's unrealistic to expect anyone but an expert to install and use Veracrypt containers, it's also largely unrealistic to expect them to
keep absolutely everything always in it's designated place, encrypted or unencrypted as appropriate.

I get that BIOS password doesn't add any real protection but why object
to it so much? It's another thing that any hacker will need to get
around before they can run any hacking tool on a PC.

I also do not see why you regard biometric security as a gimmick. It's
dirt cheap now (cost me œ12 to add a fingerprint reader to my desktop
PC) and works fairly well, and seems to err firmly towards rejecting
fingers that don't match exactly rather than accepting anything vaguely
like my finger. On cold days I even need to warm my finger before
there's any hope of it matching how it looked to the scanner on a hot day.

It's simply best to ignore "Maria". He largely makes sense to only himself.




--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Any point to password protecting the bios if only 3 people in the household, and 2 know nothing about bioses?

Maria Sophia <mariasophia@comprehension.com> wrote:

Frank Slootweg wrote:

What is your recommendation for privacy on a computer, Frank?

[...]

To answer your question: You probably mean measures to limit the consequences of bad actors having physical access to your (Windows) computer or stealing it, as that's the context of this thread. "privacy
on a computer" is *way* too wide/unspecific/ambiguous/<whatever>.

You are correct. We're assuming a daily boot of a Windows PC with a local account (whether Windows 11 or Windows 10) and people you trust in the home and we're assuming the rare happenstance of a burglar with physical access.

You're making a number of essential mistakes.

For sensible people, there *is* no such thing as "a daily boot". The
system is active or sleeps (Modern Standby) or is hibernated. A 'boot', actually a 'Restart' is only needed once a month at Windows Update time,
if that often.

Note: Windows FDE is Bitlocker, so that is the default interpretation.

No, Windows FDE is only Bitlocker on Windows Professional, etc. On
Windows Home, it's (Settings -> Privacy & Security ->) 'Device
encryption', sort of Bitlocker Lite.

That said, my - rather obvious - recommendations are: A boot password, sign-in protection (password or/and other) and - if needed/practical - Windows' FDE or similar.

Thank you for outlining your model to contrast with mine, where we each optimized the threat protection in reasonably different manners.

I. Frank's proposed security model is system centric & labor intensive.

Nope, it's not "labor intensive" at all. Set up once and forget.

II. The model I suggest is data centric & optimized for convenience.

Yes, it's data centric, but anything *but* convenient, for reasons
others have already pointed out. More below.

Since the goal is for others to learn from our technical conversation
here is a point-by-point summary of the two threat models we proposed.

A. Threat model
1. FS assumes OS level FDE (Bitlocker) protection is required.

No, I said as needed/practical and *if* used, it's 'Device encryption'
not full Bitlocker.

2. MS assume only specific data stores need protection.

B. Boot process
1. FS uses a boot password and sign in protection.
2. MS uses no boot password and no sign in password.

C. Disk protection
1. FS uses Windows FDE so the entire volume is encrypted at rest.
2. MS uses Veracrypt for financial data & KeePassDX for passwords.

D. Forensic residue
1. FS's model encrypts swap, temp files, hibernation files & caches.
2. MS's model protects encrypted containers leaving OS residue readable.

E. Convenience
1. FS accepts daily friction at boot & sign in.

No, no daily bootup and no, no 'friction'. See what the (Settings ->
Accounts ->) 'Sign-in options' *really* offer. It can be as little as absolutely no action, or just one tap.

2. MS eliminates friction at boot & sign in by only unlocking
containers when needed (which the user may unlock only occasionally).

Which is much, much more 'work' than my setup would ever require.

F. Cloud identity
1. FS's model can run without a Microsoft account but if Windows FDE
is used then recovery material must be stored offline by the user.

No, Windows' 'Device encryption' doesn't require the user to keep a
recovery key. The user *can* do so, to protect against a computer
hardware failure.

2. MS's model uses no OS level encryption so no recovery keys exist
and no cloud identity is ever needed at any time (by design).

Then where *do* you keep your passwords to unlock your containers?

G. Physical theft
1. FS's model forces the attacker to defeat FDE for all access.
2. MS's model exposes OS data but protects financial & passwd data.

H. Family access
1. FS's model blocks family members without credentials.

True, but, as explained above, those 'credentials' are a non-issue.

2. MS's model allows family access but keeps sensitive data encrypted.

Summary
1. FS's model maximizes system level protection & minimizes leakage.
But at the cost of daily convenience.

No, as explained, when properly set up, there is very little to no inconvience.

2. Ms's model maximizes daily convenience by protecting data chosen
to encrypt (which the user may unlock only occasionally).

My summary: You're of course entitled to use your system as you see
fit and so do I/others. But you methods are not 'better', i.e. have only advantages and not a single disadavantage, nor are mine. They just are different, that's all. 'Better' does not exist, not in this case and not
in any other case.

--
On Usenet, old men discuss topics that they've thought about for decades.

Well, it didn't take *me* all that long, a few hours perhaps! :-)

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Any point to password protecting the bios if only 3 people in the household, and 2 know nothing about bioses?

On 2026/1/22 8:55:19, Daniel70 wrote:

On 22/01/2026 7:10 am, Andy Burns wrote:

Daniel70 wrote:

Chris wrote:

What house in any decent area doesn't have jewellery?

Mine .... but then, I don't have a Misses, either! ;-P

A nice watch?

Who needs a Watch .... when I've got my 'phone'?? ;-P

I can glance at my wrist (cheap blue plastic CASIO - had it for years)
far more quickly than I could at a 'phone, if I had one (and both my
hands are free, too). Plus, if I _had_ a smartphone, I'd presumably
mostly be doing something with it (if not, why have one?), so would have
to change/minimise to see the clock (or peer at tiny digits along the
edge of the display).

--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()ALIS-Ch++(p)Ar++T+H+Sh0!:`)DNAf

How do you make somebody do something harder than it has to be
just because it's good for them? - "The Real Bev", 2025/8/17

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Any point to password protecting the bios if only 3 people in the household, and 2 know nothing about bioses?

On Thu, 22 Jan 2026 07:46:17 +0000, Graham J wrote:

Paul wrote:

[snip]

It's the same with some city employees, you can hear

household noises where they are.

By contrast, if you can hear "office" noises then it's a spammer calling
you ...

I have gotten such calls. Junk callers usually don't leave messages, but I
got one yesterday where the ENTIRE message was a bit of garbled sound that could be half a word (I have no idea what word) or just shuffling papers.

--
Mark Lloyd
http://notstupid.us/

"If at first you don't succeed, look at it this way - you failed."

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Any point to password protecting the bios if only 3 people in the household, and 2 know nothing about bioses?

On Thu, 22 Jan 2026 20:24:20 +0000, J. P. Gilliver wrote:

On 2026/1/22 8:55:19, Daniel70 wrote:

On 22/01/2026 7:10 am, Andy Burns wrote:

Daniel70 wrote:

Chris wrote:

What house in any decent area doesn't have jewellery?

Mine .... but then, I don't have a Misses, either! ;-P

A nice watch?

Who needs a Watch .... when I've got my 'phone'?? ;-P

I can glance at my wrist (cheap blue plastic CASIO - had it for years)
far more quickly than I could at a 'phone, if I had one (and both my
hands are free, too).

Yes, its faster. Also I find digital faster too. I can look at the digital clock here and have the time almost as fast as my eyes can focus. An
analog clock takes longer to read. Some people claim an analog clock is
better for fuzzy (approximate) time. I prefer to do my own fuzzing (like saying "it's about four" when the time is 4:06).

Plus, if I _had_ a smartphone, I'd presumably
mostly be doing something with it (if not, why have one?), so would have
to change/minimise to see the clock (or peer at tiny digits along the
edge of the display).

--
Mark Lloyd
http://notstupid.us/

"If at first you don't succeed, look at it this way - you failed."

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Any point to password protecting the bios if only 3 people in the household, and 2 know nothing about bioses?

Maria Sophia <mariasophia@comprehension.com> wrote:
[...]

Hi Frank,

This discussion is welcome because it compares very different use models.

[...]

My usage pattern is different from yours perhaps because my hardware is
from 2009 and does not wake reliably from sleep or hibernation, so daily shutdown is normal for me.

That makes sensw, but it allso means that you spend more time per day
on shutting down and booting up, than I could possibly ever spend on
needing to 'enter' credentials or otherwise unlok things! :-)

[...]

About recovery keys, AFAIK, Device Encryption may not require the user to store one manually, but it still ties recovery to Microsoft infrastructure unless the user intervenes by taking deliberate steps to prevent the
default behavior. My approach avoids that by not using OS level encryption.

AFAIK, Windows Device Encryption on Home automatically backs up the
recovery key to the user's Microsoft account unless the user actively stops it. That default behavior is what ties recovery to Microsoft
infrastructure.

Windows Device Encryption also works with a local account. I only have
a local account and don't have a Microsoft Account. I believe the key is
stored in the machine's BIOS or similar, hence my comment on saving the
key somewhere locally in case the machine has a fatal hardware failure.

The passwords for my encrypted containers are stored in KeePassDX inside
an encrypted database that is backed up offline. So the container keys
are not tied to a cloud identity. The only passwd I need to know is that to the KeepassDX database, but in general, I remember my encrypted volume passwords so I don't need to access the backup inside the keepass db.

Yes, but you *do* need to enter (or auto-fill) those passwords when
you 'open' your containers. That may well be way more effort than the occasional screen-unlock that I might have to do. (Note: Screen-unlock,
not Sign-in, because I never sign-out, unless I have to for some
uncommon reason.) Note: *I* don't consider any of this any effort at
all, but as you do, I describe the difference between your and my way of
doing things.

Given what we've compared I agree that neither model is universally better since mine is designed for minimum friction and yours is designed for a far greater threat model than I feel at my home in the Santa Cruz Mountains.

I'm sure a burglary happens where I live, but I have no experience with it and I don't need to add a dozen locks to my doors that have to be opened
all day, every day. I prefer simply to lock the shed where I keep my tools, and then, once a week or so, I can go to the trouble to unlock it then.

I am also not afraid of my system getting stolen from our house, but
it is a laptop which regularly travels outside our house and there it's
way more prone to being stolen/lost/damaged. In contrast, my wife's
system is a 'desktop' (actually a Mini-PC) and that does not have a
bootup password, no Sign-in/Unlock password and no encryption of any
kind.

[...]

Both approaches are valid depending on hardware age, habits and
tolerance for friction. I have no tolerance for extra steps.

I also have no tolerance for extra steps, that's why we live in a
one-level appartment! :-)

[...]

--
If it takes two steps to do something on a computer, cut it in half.

Isn't that a waste of a probably perfectly good computer! :-)

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Any point to password protecting the bios if only 3 people in the household, and 2 know nothing about bioses?

On 2026/1/23 9:26:42, Daniel70 wrote:

[]

I moved into this house about Ten years ago and, for some reason or
other, the Phone Landline socket is positioned on the far wall of the
main bedroom.

I don't know about you but I don't spend much time in my Bedroom ....
except when I'm sleeping .... so, after rushing from the Loungeroom to
the Bedroom when the phone rang .... only to find it was a Spammer
calling, I brought myself a Cordless phone with Answer machine built
into the Base station .... so, if the phone rings, I let the Answer
machine do its job .... and, usually, by the time the Answer machines Welcome message has finished, the caller has hung up.

Job Done!! ;-P

I have a (corded, as it happens) 'phone at my elbow, so answer almost immediately (startles some callers!); however, especially around 10:30am
which seems to be peak phishtime, I don't actually _say_ anything for a
few seconds; the same applies - the autodialler (or whatever) gives up.
(A real caller will usually say something in that time.)

--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()ALIS-Ch++(p)Ar++T+H+Sh0!:`)DNAf

You can't abdicate and eat it
- attributed to Wallis Simpson, in Radio Times 14-20 January 2012.

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Any point to password protecting the bios if only 3 people in the household, and 2 know nothing about bioses?

Frank Slootweg wrote on 1/23/2026 8:18 AM:

Maria Sophia <mariasophia@comprehension.com> wrote:

AFAIK, Windows Device Encryption on Home automatically backs up the
recovery key to the user's Microsoft account unless the user actively stops >> it. That default behavior is what ties recovery to Microsoft
infrastructure.

Windows Device Encryption also works with a local account. I only have
a local account and don't have a Microsoft Account. I believe the key is stored in the machine's BIOS or similar, hence my comment on saving the
key somewhere locally in case the machine has a fatal hardware failure.

Windows Home Device Encryption when enabled
- first looks to store the key in the MSFT account that was initially
used to setup(first use) the device even if that MSFT account was
switched to a local logon. If not setup with a MSFT account or MSFT
account no longer present on device, the only options for the user to
obtain the key are - Save to USB, copy to paper, copy and save to text file.
- the key itself for validation purposes is stored on the device, but
not in readable or accessible form.


--
...w­¤?ñ?¤

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Any point to password protecting the bios if only 3 people in the household, and 2 know nothing about bioses?

On 22/01/2026 15:59, Maria Sophia wrote:

On biometrics, a key point is that they do not protect data at rest.
A fingerprint or face scan unlocks the Windows session, but once the
drive is removed from the laptop the biometric layer is irrelevant. The
data on the drive is readable unless it is encrypted. Biometrics solve a convenience problem for sign in, not a data protection problem for a
stolen device. That is why I treat them more as a marketing gimmick rather than a security control for data at rest.

Obviously biometrics are not something you add to add protection.
They simply avoid you having to type a password or PIN.

The hope is you can have your PC lock itself more often without it
causing any annoyance.

My model is simple and well thought out to be optimized for convenience.
1. Encrypt the small amount of data that matters.
2. Keep it in Veracrypt containers or a password manager.
3. Do not rely on BIOS passwords or biometrics for data at rest.
4. Optimize for convenience during daily use.

My BIOS password is just another small obstacle in the path of a bad actor.

--
Brian Gregory (in England).

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Any point to password protecting the bios if only 3 people in the household, and 2 know nothing about bioses?

Brian Gregory <void-invalid-dead-dontuse@email.invalid> wrote:

On 22/01/2026 15:59, Maria Sophia wrote:

[...]

My model is simple and well thought out to be optimized for convenience.
1. Encrypt the small amount of data that matters.
2. Keep it in Veracrypt containers or a password manager.
3. Do not rely on BIOS passwords or biometrics for data at rest.
4. Optimize for convenience during daily use.

My BIOS password is just another small obstacle in the path of a bad actor.

A *BIOS* password indeed a - IMO not so - 'small' obstacle, but, as I mentioned, it's the *boot* password which adds essential protection.

So the BIOS password prevents booting from for example a Linux USB
stick (and accessing the disk that way) and the boot password prevents
booting Windows. After that, sign-in protection prevents signing in and encryption (full or partial) prevents access to essential private data
(in case the 'drive' is removed from the system).

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Any point to password protecting the bios if only 3 people in the household, and 2 know nothing about bioses?

On Fri, 23 Jan 2026 20:17:11 +1100, Daniel70 wrote:

[snip]

Having been in the Army, where you could get into trouble for not being
where you are supposed to be WHEN you are supposed to be there .... so I usually have my Car clock set three to five minutes fast .... you know.
just in case!! (even having been out of the Army over thirty years)

I used to know someone who did that. I'd rather set my watch RIGHT and do
my own thinking, and leave on time.

BTW, I get tired of hearing "fast" and "slow" used improperly, when the problem has nothing to do with speed.

--
Mark Lloyd
http://notstupid.us/

"Think not that I am come to send peace on earth; I came not to send
peace, but a sword." -- Jesus, Matthew 10:34

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Any point to password protecting the bios if only 3 people in the household, and 2 know nothing about bioses?

On Fri, 23 Jan 2026 16:09:08 +0000, J. P. Gilliver wrote:

[snip]

I have a (corded, as it happens) 'phone at my elbow, so answer almost immediately (startles some callers!); however, especially around 10:30am which seems to be peak phishtime, I don't actually _say_ anything for a
few seconds; the same applies - the autodialler (or whatever) gives up.
(A real caller will usually say something in that time.)

I often hang up after saying "hello" twice with no response, unless it's someone I know who often does that.

I got a call this morning that I didn't answer because of multiple signs
of it being a machine.

1. The NAME* appearing on caller ID was identical to the number.

2. The caller did leave a message, but it was "beginning truncated" (the
first few seconds of the message were missing, like the machine was too
stupid to WAIT FOR THE BEEP). What I heard first was "(half a word) in
your area".

3. The call ended with a few seconds of busy signal, which I hear
indicates the call was not disconnected properly (it doesn't happen on legitimate calls).

* - a feature that I really wish that mobile phones would have. It can be
used to detect and ignore most junk calls.

--
Mark Lloyd
http://notstupid.us/

"Think not that I am come to send peace on earth; I came not to send
peace, but a sword." -- Jesus, Matthew 10:34

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Any point to password protecting the bios if only 3 people in the household, and 2 know nothing about bioses?

On Fri, 1/23/2026 2:06 PM, Mark Lloyd wrote:

On Fri, 23 Jan 2026 20:17:11 +1100, Daniel70 wrote:

[snip]

Having been in the Army, where you could get into trouble for not being
where you are supposed to be WHEN you are supposed to be there .... so I
usually have my Car clock set three to five minutes fast .... you know.
just in case!! (even having been out of the Army over thirty years)

I used to know someone who did that. I'd rather set my watch RIGHT and do
my own thinking, and leave on time.

BTW, I get tired of hearing "fast" and "slow" used improperly, when the problem has nothing to do with speed.

There is the frequency adjustment of the reference oscillator,
to avoid first order drift. On typical time pieces, this
runs at 32768.0000 Hz (above human hearing). A watchmaker may
have a suitable instrument while working to correct the value.
A trimmer capacitor is inside the watch, to make tweaks.
The RTC in a personal computer is missing this adjustment.

And there is the purposeful register offset, to arrive
at destinations ahead of an appointment. The register
could be adjusted ahead, behind, or nominal.

"I set my watch ahead, so I will always be on time for appointments"

[well, not absolutely always, depends on paragraph 1]

Good time pieces are temperature compensated, as the ambient
temperature changes, the tempco of some of the elements are
made to cancel, and it gives the impression the device
is temperature invariant (which it is not). Scientific American
used to have articles about this, in the Amateur Scientist section.
Some cars have had excellent temperature compensated time clock pieces.

There is one computer design, which cannot tell time under any circumstances. The NVidia NForce2, if operated with a non-canonical BCLK, would go nuts
and the time could not be nulled, even with NTP cranked way up to adjust
it. The MCP chip was fine at 66MHz, 100MHz, 133MHz sort of thing, but if you selected 75MHz or 129MHz, that caused the time to jump all over the place
from reading to reading. I don't think NVidia ever admitted to that,
but for the people playing with that, they got the entertainment value
for sure.

Paul

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Any point to password protecting the bios if only 3 people in the household, and 2 know nothing about bioses?

On 2026/1/23 19:6:20, Mark Lloyd wrote:

On Fri, 23 Jan 2026 20:17:11 +1100, Daniel70 wrote:

[snip]

Having been in the Army, where you could get into trouble for not being
where you are supposed to be WHEN you are supposed to be there .... so I
usually have my Car clock set three to five minutes fast .... you know.
just in case!! (even having been out of the Army over thirty years)

I used to know someone who did that. I'd rather set my watch RIGHT and do
my own thinking, and leave on time.

BTW, I get tired of hearing "fast" and "slow" used improperly, when the problem has nothing to do with speed.

Those two words do also have another meaning, relating specifically to timepieces and having nothing to do with speed, only offset; consult any
good dictionary.

--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()ALIS-Ch++(p)Ar++T+H+Sh0!:`)DNAf

The fact that there is a highway to hell and only a stairway to heaven
says a lot about anticipated traffic numbers.

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Any point to password protecting the bios if only 3 people in the household, and 2 know nothing about bioses?

On 2026/1/23 19:19:40, Mark Lloyd wrote:

On Fri, 23 Jan 2026 16:09:08 +0000, J. P. Gilliver wrote:

[snip]

I have a (corded, as it happens) 'phone at my elbow, so answer almost
immediately (startles some callers!); however, especially around 10:30am
which seems to be peak phishtime, I don't actually _say_ anything for a
few seconds; the same applies - the autodialler (or whatever) gives up.
(A real caller will usually say something in that time.)

I often hang up after saying "hello" twice with no response, unless it's someone I know who often does that.

I got a call this morning that I didn't answer because of multiple signs
of it being a machine.

1. The NAME* appearing on caller ID was identical to the number.

2. The caller did leave a message, but it was "beginning truncated" (the first few seconds of the message were missing, like the machine was too stupid to WAIT FOR THE BEEP). What I heard first was "(half a word) in
your area".

3. The call ended with a few seconds of busy signal, which I hear
indicates the call was not disconnected properly (it doesn't happen on legitimate calls).

* - a feature that I really wish that mobile phones would have. It can be used to detect and ignore most junk calls.

I've never seen a landline 'phone that displays a NAME - other than ones
where YOU can program in (to the handset or the basestation) names that
YOU associate with certain numbers.

--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()ALIS-Ch++(p)Ar++T+H+Sh0!:`)DNAf

The fact that there is a highway to hell and only a stairway to heaven
says a lot about anticipated traffic numbers.

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Any point to password protecting the bios if only 3 people in the household, and 2 know nothing about bioses?

Brian Gregory <void-invalid-dead-dontuse@email.invalid> wrote:

On 22/01/2026 15:59, Maria Sophia wrote:

On biometrics, a key point is that they do not protect data at rest.
A fingerprint or face scan unlocks the Windows session, but once the
drive is removed from the laptop the biometric layer is irrelevant. The
data on the drive is readable unless it is encrypted. Biometrics solve a
convenience problem for sign in, not a data protection problem for a
stolen device. That is why I treat them more as a marketing gimmick rather >> than a security control for data at rest.

Obviously biometrics are not something you add to add protection.
They simply avoid you having to type a password or PIN.

Disagree. You can't guess a biometric like you can a PIN. You can't
shoulder surf someone's biometric like a PIN code.

Biometrics are more secure. If implemented properly, obviously. Some early mobile phone implementations were terrible.


--- PyGate Linux v1.5.5
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Any point to password protecting the bios if only 3 people in the household, and 2 know nothing about bioses?

On Fri, 23 Jan 2026 19:08:30 -0500, Paul wrote:

[snip]

There is the frequency adjustment of the reference oscillator,
to avoid first order drift. On typical time pieces, this runs at
32768.0000 Hz (above human hearing).

I remember about those crystals. You really need 1Hz but a 1Hz crystal
would be much too big. 32768 is exactly 2^15, so it's easy for an
electronic circuit to get 1Hz from that.

A watchmaker may have a suitable
instrument while working to correct the value.
A trimmer capacitor is inside the watch, to make tweaks.
The RTC in a personal computer is missing this adjustment.

And there is the purposeful register offset, to arrive at destinations
ahead of an appointment. The register could be adjusted ahead, behind,
or nominal.

"I set my watch ahead, so I will always be on time for
appointments"

[well, not absolutely always, depends on paragraph 1]

I always set it to the right time, and leave early for appointments.
Setting it wrong could be confusing.

Good time pieces are temperature compensated, as the ambient temperature changes, the tempco of some of the elements are made to cancel, and it
gives the impression the device is temperature invariant (which it is
not). Scientific American used to have articles about this, in the
Amateur Scientist section.
Some cars have had excellent temperature compensated time clock pieces.

My mother's Volvo had a clock like that. It kept really good time, but was hard to set. She never changed it for DST, just remembered the offset.

BTW, I've been calling DST "Damn Stupid Time". The nonsense idea that
changing clocks could actually give you more time (or more daylight).

Another clock I've seen was on a TV news show seen all over the country.
The clock had only a minute hand, since the hour would be different in different places.

[snip]
--
Mark Lloyd
http://notstupid.us/

"Sit down before fact as a little child, be prepared to give up every preconceived notion, follow humbly wherever and to whatever abyss nature
leads, or you shall learn nothing." Thomas Henry Huxley

--- PyGate Linux v1.5.5
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Any point to password protecting the bios if only 3 people in the household, and 2 know nothing about bioses?

On Sat, 24 Jan 2026 00:16:33 +0000, J. P. Gilliver wrote:

On 2026/1/23 19:19:40, Mark Lloyd wrote:

On Fri, 23 Jan 2026 16:09:08 +0000, J. P. Gilliver wrote:

[snip]

I have a (corded, as it happens) 'phone at my elbow, so answer almost
immediately (startles some callers!); however, especially around
10:30am which seems to be peak phishtime, I don't actually _say_
anything for a few seconds; the same applies - the autodialler (or
whatever) gives up. (A real caller will usually say something in that
time.)

I often hang up after saying "hello" twice with no response, unless
it's someone I know who often does that.

I got a call this morning that I didn't answer because of multiple
signs of it being a machine.

1. The NAME* appearing on caller ID was identical to the number.

2. The caller did leave a message, but it was "beginning truncated"
(the first few seconds of the message were missing, like the machine
was too stupid to WAIT FOR THE BEEP). What I heard first was "(half a
word) in your area".

3. The call ended with a few seconds of busy signal, which I hear
indicates the call was not disconnected properly (it doesn't happen on
legitimate calls).

* - a feature that I really wish that mobile phones would have. It can
be used to detect and ignore most junk calls.

I've never seen a landline 'phone that displays a NAME - other than ones where YOU can program in (to the handset or the basestation) names that
YOU associate with certain numbers.

AFAIK, all landline systems have it now (although I don't know about
wireless home phone service from a cell company). Older phones will
require a separate display device. For a long time I've used cordless
phones with the CID display (both name and number) built-in.

BTW, most of the ones (separate CID displays) I had used a reflective LCD display with no backlight. These were hard to read unless you get the
angle just right.

For junk calls, many show 1 of these 2 patterns in the name display:

1. CITY ST (like TELEPHONE TX). I hear that that's what happens when the number is not registered, and it's trying to tell you where the call is
coming from. This is most likely useless when you're dealing with spoofed numbers, but the pattern usually does identify a robocall.

2. The NAME field has just a number in it, often the same as the number
field.

BTW, there really is a TELEPHONE TX. It's a little town which probably has nothing to do with the spammer.

OT: We had a little snow last night.

--
Mark Lloyd
http://notstupid.us/

"Sit down before fact as a little child, be prepared to give up every preconceived notion, follow humbly wherever and to whatever abyss nature
leads, or you shall learn nothing." Thomas Henry Huxley

--- PyGate Linux v1.5.5
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Any point to password protecting the bios if only 3 people in the household, and 2 know nothing about bioses?

On 2026/1/24 17:33:13, Mark Lloyd wrote:

On Sat, 24 Jan 2026 00:16:33 +0000, J. P. Gilliver wrote:

[]

I've never seen a landline 'phone that displays a NAME - other than ones
where YOU can program in (to the handset or the basestation) names that
YOU associate with certain numbers.

AFAIK, all landline systems have it now (although I don't know about wireless home phone service from a cell company). Older phones will
require a separate display device. For a long time I've used cordless
phones with the CID display (both name and number) built-in.

I don't think the POTS in the UK supplies name information (or anything textual) - only calling number. (I don't _think_ even the mobile
[cellular] networks do.)

You can get handsets (for POTS - I think it's more or less universal for
mobile ones) which do display name, but you have to program in yourself
the names that go with numbers that call you - the system doesn't
provide that information.

BTW, most of the ones (separate CID displays) I had used a reflective LCD display with no backlight. These were hard to read unless you get the
angle just right.

For junk calls, many show 1 of these 2 patterns in the name display:

1. CITY ST (like TELEPHONE TX). I hear that that's what happens when the number is not registered, and it's trying to tell you where the call is coming from. This is most likely useless when you're dealing with spoofed numbers, but the pattern usually does identify a robocall.

2. The NAME field has just a number in it, often the same as the number field.

BTW, there really is a TELEPHONE TX. It's a little town which probably has nothing to do with the spammer.

OT: We had a little snow last night.

Just a lot of rain here (Kent, SE England).

--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()ALIS-Ch++(p)Ar++T+H+Sh0!:`)DNAf

"quidquid latine dictum sit, altum viditur".
("Anything is more impressive if you say it in Latin")


--- PyGate Linux v1.5.5
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Any point to password protecting the bios if only 3 people in the household, and 2 know nothing about bioses?

Mark Lloyd wrote on 1/24/2026 10:33 AM:

On Sat, 24 Jan 2026 00:16:33 +0000, J. P. Gilliver wrote:

I've never seen a landline 'phone that displays a NAME - other than ones
where YOU can program in (to the handset or the basestation) names that
YOU associate with certain numbers.

AFAIK, all landline systems have it now (although I don't know about
wireless home phone service from a cell company). Older phones will
require a separate display device. For a long time I've used cordless
phones with the CID display (both name and number) built-in.

BTW, most of the ones (separate CID displays) I had used a reflective LCD display with no backlight. These were hard to read unless you get the
angle just right.

It depends upon the type or land line phone - some older models(handset
anb base) do not have a display, while others(a some older and newer)
have a display.
The caller content information displayed on the latter may also have variation. Additionally, without caller ID(sometimes an add-on, extra $)
the information may be limited to the user entry of number and name(I've
one of those in my garage - land-line connection without caller id, but displays name/# that I entered manually in the phone's available
programmable option - it retains the info even if removed from its wall(land-line) phone jack.

Another land-line in the house is connected with a AC powered base(holds
and recharge cordless handsets) - one master base, plus two remote AC
bases and handsets. The remotes sync with the master(messages and
programmed named/phone#, etc.), the master auto-answers and stores
messages from the caller. All handsets, as noted can access the master
stored caller left messages
- I rarely answer any landline, just let it ring(3x) before it answers
and starts the leave a message mode(which I leave blank) - some callers
may leave a message, other's never with some obviously trying to figure
out what to do before hanging up.


--
...w­¤?ñ?¤

--- PyGate Linux v1.5.5
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Any point to password protecting the bios if only 3 people in the household, and 2 know nothing about bioses?

Maria Sophia wrote on 1/24/2026 1:45 PM:

Windows Home Device Encryption when enabled
ÿ - first looks to store the key in the MSFT account that was initially
used to setup(first use) the device even if that MSFT account was
switched to a local logon. If not setup with a MSFT account or MSFT
account no longer present on device, the only options for the user to
obtain the key are - Save to USB, copy to paper, copy and save to text
file.
ÿ - the key itself for validation purposes is stored on the device, but
not in readable or accessible form.

Thanks for the clarification. I was researching this in a response for Paul just now in the bitlocker thread (where MS handed the keys to LE), where we need to pin down the distinction between Device Encryption on Home and full BitLocker on Pro with respect to where we "can" store the encryption keys.

AFAIK...
i. Windows Home does not include full BitLocker. It includes Device
ÿ Encryption, which is a limited version with almost no user control.

Previously covered in this thread like the other Roman numeral points.

v. The recent reports about Microsoft providing recovery keys to law
ÿ enforcement involved keys stored in Microsoft accounts. That perhaps
ÿ most applies to default Device Encryption on Home, and maybe not ÿ so much to BitLocker on Pro when configured with local-only protectors.

It applies to requests with a valid legal requests for Bitlocker keys(for devices that support Bitlocker) stored in their Microsoft accounts(which
is the only location MSFT has access to Recovery keys, i.e. they can't
and don't mine Windows devices for Recovery key content in any form).

In summary, I think that Windows Home users do not have the same kind of control over key storage that Windows Pro users have.

At least, you're getting closer to the entire picture(Bitlocker
Encryption is fully supported on Enterprise and Edu editions, too)

That is why the default workflow on Home ends up with the
recovery key in a Microsoft account in most cases.

It does not(for Windows Home)


--
...w­¤?ñ?¤

--- PyGate Linux v1.5.5
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Any point to password protecting the bios if only 3 people in the household, and 2 know nothing about bioses?

Maria Sophia wrote on 1/24/2026 8:17 PM:

...w???ÿ wrote:

In summary, I think that Windows Home users do not have the same kind of >>> control over key storage that Windows Pro users have.

At least, you're getting closer to the entire picture(Bitlocker
Encryption is fully supported on Enterprise and Edu editions, too)

Thanks for the clarification, where I just opened a separate thread on why, in my case of an older machine, and for consistency & greater protection
even on current Windows 11 Home versus Pro machines, Veracrypt has some decisive FDE advantages over anything Microsoft marketing has provided us.

Subject: PSA: Veracrypt has pre boot authentication (& why it's better

You'll have to get the choir to discuss that..it's not a popular tool in
the Enterprise/Edu/Gov community where encryption has wider use and preference. Some might even consider it(Veracrypt) old, unreliable and
late to the party on updating, no official tech support, and UI
design-wise inadequate/cumbersome/dysfunctional.


...w­¤?ñ?¤

--- PyGate Linux v1.5.5
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Any point to password protecting the bios if only 3 people in the household, and 2 know nothing about bioses?

On Sun, 1/25/2026 1:35 AM, ...w­¤?ñ?¤ wrote:

Maria Sophia wrote on 1/24/2026 8:17 PM:

...w???ÿ wrote:

In summary, I think that Windows Home users do not have the same kind of >>>> control over key storage that Windows Pro users have.

At least, you're getting closer to the entire picture(Bitlocker Encryption is fully supported on Enterprise and Edu editions, too)

Thanks for the clarification, where I just opened a separate thread on why, >> in my case of an older machine, and for consistency & greater protection
even on current Windows 11 Home versus Pro machines, Veracrypt has some
decisive FDE advantages over anything Microsoft marketing has provided us. >>
Subject: PSA: Veracrypt has pre boot authentication (& why it's better

You'll have to get the choir to discuss that..it's not a popular tool in the Enterprise/Edu/Gov community where encryption has wider use and preference.ÿ Some might even consider it(Veracrypt) old, unreliable and late to the party on updating, no official tech support, and UI design-wise inadequate/cumbersome/dysfunctional.

...w­¤?ñ?¤

I think we'd want a cryptographer of some note, to
do the analysis.

Maybe the people who did the audit, are the only ones
who would want to take a public stance.

Also, one of the problems with tracking Veracrypt, is
people make claims about it, and someone who uses it
will point out that a particular issue has been fixed.

The GUI is "inherited" from Truecrypt, rather than
being designed from scratch that way.

It takes 15 seconds for the unlocking password to take,
but that's because the PIM was turned up. Turning it down,
is at your own discretion (like if you didn't fear some
government activity). The high PIM value is to prevent
brute forcing with a set of Amazon instances.

Paul

--- PyGate Linux v1.5.5
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Any point to password protecting the bios if only 3 people in the household, and 2 know nothing about bioses?

..w­¤?ñ?¤ <winstonmvp@gmail.com> wrote:

Maria Sophia wrote on 1/24/2026 8:17 PM:

...w???ÿ wrote:

In summary, I think that Windows Home users do not have the same kind of >>>> control over key storage that Windows Pro users have.

At least, you're getting closer to the entire picture(Bitlocker
Encryption is fully supported on Enterprise and Edu editions, too)

Thanks for the clarification, where I just opened a separate thread on why, >> in my case of an older machine, and for consistency & greater protection
even on current Windows 11 Home versus Pro machines, Veracrypt has some
decisive FDE advantages over anything Microsoft marketing has provided us. >>
Subject: PSA: Veracrypt has pre boot authentication (& why it's better

You'll have to get the choir to discuss that..it's not a popular tool in
the Enterprise/Edu/Gov community where encryption has wider use and preference. Some might even consider it(Veracrypt) old, unreliable and
late to the party on updating, no official tech support, and UI
design-wise inadequate/cumbersome/dysfunctional.

In a professional environment veracrypt is an anachronism. IT depts want to
be able to manage the many hundreds and thousands of machines they maintain through policy and central administrative systems.

Thus, with bitlocker they can remote wipe machines and if a staff member
has somehow locked themselves out of their machine the encryption key can
be restored.

They do not want to have to manage each machine manually. Nor do they want users to install their own shadow systems either.

In the workplace staff have no right to privacy so this is all moot anyway.






--- PyGate Linux v1.5.5
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)