So some time ago I set up a BIOS “User” password and and “Admin” password on a laptop.
For those who doesn’t know. A BIOS “User” password is prompted every time you boot a computer using that motherboard, and the “Admin” password is prompted when you attempt to enter the BIOS settings
If you have both set up, either password is accepted on boot, but only the “Admin” password is accepted for getting into the BIOS Settings.
I’ve just had both of these set up because I’m weird and paranoid (before you say “encryption”, yes the disk is also encrypted), and I got into a habit of just using the Admin password for boot.
But now I think its unnecessary and annoying now and doesn’t seem to do much since the disk is also encrypted, so I tried to remove the “User” password in the BIOS settings, but I forgot the User password. Inputing the Admin password is rejected as “incorrect password”, but its accepted when you try to change to Admin password. Wtf lol. The Laptops I had before this one, allows the Admin to reset the User Password, wtf is this new change? Admin cannot reset User Password? Make zero sense lol. So I guess I’m just stuck with this unchangeable setting? Triggers my OCD so much that there’s a setting now I can’t toggle on/off.
I mean it’s still perfectly usable as long as I keep the Admin password enabled and not mess with that, so this is the definition of mildly infuriating, just very samll annoyance I’m stuck with.
It’s an Asus Zenbook btw if you’re wondering.
is it not possible to delete/turn off the user/boot password requirement all together and then save and reboot then try setting it again? I’ve never seen a mb that cared about user password entry, admin gave bios access and from there any setting was able
sorry for taking a tangent and let me preface by saying I’m not criticizing your setup or desire for security at all. it’s obviously adding a particular kind of physical roadblock to what stealing your stuff would require.
but I discovered that BIOS setting at a young age and have had this burning question about what exactly does it protect? it does prevent booting but in a situation where somebody has access to your computer that only really stops them from using your motherboard right? is OP’s usecase the actual intention, where somebody would be required to physically steal at least part of the computer in order to access it?
On school computers it blocked us from just booting a live usb and accessing the whole disk
Motherboard has a key on it that is used to generate a key pair with your disk when encrypted. So you can’t just snag the drive and pop it in another computer.
Note; I have simplified the technical details above for simplicity, on a technical level you’d want to read up for a technically corrected explanation.
ohhhhhh. I had no idea it did that. no, thank you for simplifying it. I’m only self-taught so I barely have a hobbyist’s understanding of computers.
Are CMOS batteries still a thing? Removing that and the laptop battery should wipe the BIOS to the default settings. Actually before that, can you reset the BIOS settings with the admin password, and will that wipe the user password settings?
That hasn’t worked on any (good) machine for the last 20 years. Especially now in the EFI age any important settings like that are stored in nvram.
Resetting settings doesn’t seem to affect passwords, I tried it.
Maybe you can check the manual if the laptop has a CMOS battery. If it does, you’ll have to take apart the laptop to remove the battery for a few minutes, which will reset all the settings.
I searched the entire PDF for “CMOS” and cant find anything. I read a few reddit threads saying modern laptops don’t store CMOS settings in volitile memory anymore, so its harder to bypass.
I don’t know if these will work, but some of the commenters seem to have had success:
https://www.reddit.com/r/ASUS/comments/12dt39q/
I hope you figure it out. At least the settings are still accessible and the system is bootable.
You could try to dump the EEPROM and get a hold of the user password or override it by reprogramming it.
If it’s an EEPROM it can also be reset electronically by accessing the pins soldered onto the bord, but I don’t know any details about that.
If it honestly doesn’t permit the User password to be reset, is there a “factory reset the whole BIOS” option?
Couldn’t find such option. I find a “load default settings” thing, but the passwords are unaffected by that. I tried updating the BIOS but the passwords are still intact.
I wonder if there’s a tool that can reset the BIOS from the OS.
Have you tried doing a full BIOS update? As in, download from the manufacturer. I wonder if that would overwrite the passwords.
I downloaded the BIOS on a USB drive, I went into the BIOS menu and updated it. The version number is now different, but the passwords remain. 🤷♂️
Did you try typing in the user password instead of the admin password when it asks for a password?
It probably wants you to authenticate as that user in order to delete the password requirement for it. The admin account probably doesn’t let you alter any of the settings for a different user. User space management with bios is often limited.
Again, the problem is, I forgot the User password. I didn’t try too hard commiting that to memory because I just assumed (like with previous laptops) that I can reset it if I forget.
I can get to the BIOS Menu but it has 3 lines, one asks for “Current Password” and then the other two is “new password” and “confirm new password”. It doesn’t recognize the admin password as a valid password, but it does recognize it if I try to change the admin passwors instead. I tried removing the Admin password, and did it, but the User password is still in place, so I just quickly re-added the admin password back in so I don’t lock myself out when I reboot.
Not sure if this is a “modern laptop” thing, or if its only Asus that does that. I had HP and Dell before, and they just let you reset the user password with he admin one.
I’m very sorry, I missed the part when you said you didn’t know the user password. My bad!
It sounds like the way that the user space is managed in your bios won’t permit any other alternatives other than the possibility of deleting the user account using the administrator account? Is that possible?
You’re not gonna be able to reset that password unless you know it. That’s kind of the point of the password. Unfortunately, it seems that your bios does not allow for you to change the user password without knowing the old one, but it may let you delete the account altogether and re-create it with a new password. That however, may cause a bunch of other problems that I can’t really predict without knowing a lot more information.
Don’t try doing this until we talked about this a bit more.
Is this an LLM?
