Showing results for 
Search instead for 
Did you mean: 
Paper Tape
Posts: 2
Registered: ‎01-30-2012
Location: Cleveland, Ohio
Views: 4,800
Message 1 of 5

Power on and HDD password for Thinkpads



I was wondering under what circumstances the Power on and HDD passwords for Thinkpads could be circumvented.  I'm bringing this up because even when I have these two passwords set, you can do a restart of the laptop, which bypasses those two checks.


The scenario I'm wondering about is if an up and running Thinkpad was taken, would it be possible to restart the machine with a linux distro in the tray, reset passwords and then reboot back to windows.  I'm not especially worried if the Thinkpad is physically turned off because I know the power-on and hdd passwords will kick in.  I'm more concerned about a Thinkpad where a user is accustomed to just leaving the thing on all the time.


I take care of IT issues for a small business and I'm implementing this level of security on the laptops.  I want to be able to tell the owner that as long as strong passwords are used and a person doesn't have them written down on a sticky taped to the Thinkpad, if it's stolen no-one is getting into the hard drive.

Retired SuperMod
Retired SuperMod
Posts: 9,293
Registered: ‎11-27-2007
Location: SK
Views: 4,793
Message 2 of 5

Re: Power on and HDD password for Thinkpads

Haiku welcome to the forum,


good question, asking it the other way around would also have resulted in you being quoted from the froum rules;


No posts shall include instructions or directions intended to subvert security measures, including passwords, locking mechanisms, fingerprint scans, etc, nor shall any posts provide descriptions to the location of, nor direct links to content related to these topics.


We can advise you to refer to the Hardware Maintainance Manuals for the systems concerned, having read the information, (which is basically the same for all ThinkPads), you should hopefully be a little more enlightened.


The power on password is definitely the weakest of all the passwords along with the Windows user password, HDD passwords are very safe. More discussion and information on HDD passwords can be found in this thread.


There's no way to make a computer 100% safe, it would be lying to presume otherwise, but there are soft and hardware solutions which get pretty close depending on the level of security you require e.g proximity sensors is one idea which could be used if a running system is stolen, Remote Disable is also another possibility.


For the scenario you mention, booting from a Linux disc, firstly the HDD password will need to be entered at startup, secondly you could remove the option to boot from optical, usb drives and any other options you care to exclude in BIOS, lock the BIOS settings having set a Supervisor password (SVP). This would result in the person trying to gain access having knowledge of the SVP in order to be able to change the boot order and becaue of the HDD passwords they would need another sinilar system and also need to know the HDD password.


Hopefully that answers some or most of your questions, but please avoid the obvious forbidden discussion.



Please remember to come back and mark the post that you feel solved your question as the solution, it earns the member + points

Did you find a post helpfull? You can thank the member by clicking on the star to the left awarding them Kudos

Please add your type, model number and OS to your signature, it helps to help you.

Forum Search Option

T430 2347-G7U W8 x64, Yoga 10 HD+, Tablet 1838-2BG, T61p 6460-67G W7 x64, T43p 2668-G2G XP, T23 2647-9LG XP, plus a few more.

FYI Unsolicited Personal Messages will be ignored.

de.gif  Deutsche Community   es.gif  Comunidad en Español  uk.gif  English Community ru.gif Русскоязычное Сообщество

PepperonI blog 

Paper Tape
Posts: 2
Registered: ‎01-30-2012
Location: Cleveland, Ohio
Views: 4,780
Message 3 of 5

Re: Power on and HDD password for Thinkpads

Yeah sorry about that, it was a difficult question to ask "correctly".  That is a good point though about restricting devices from the boot order within the BIOS.


Thank you.

Broadband 3G
Posts: 999
Registered: ‎01-06-2011
Location: Sacramento, CA
Views: 4,752
Message 4 of 5

Re: Power on and HDD password for Thinkpads

Short of replacing the motherboard they are not going to bypass the BIOS password. HDD passwords can be bypassed with a low level format, however that will take the data with it. If the HDD does not have built in hardware encryption it could still be possible to recover data from it in the event of theft, although this will take some skill. For this reason HDD passwords are best used with hardware encrypted drives (that's what they're really for).

Community SeniorMod
Community SeniorMod
Posts: 8,971
Registered: ‎01-01-2010
Location: US
Views: 4,689
Message 5 of 5

Re: Power on and HDD password for Thinkpads

hard drive security CANNOT be bypassed with a low-level format. The ATA command to do that requires the password.


I do not respond to requests for private, one-on-one help. Your questions should be posted in the appropriate forum where they may help others as well.

If a response answers your question, please mark it as the accepted solution.

I am not an employee or agent of Lenovo.

Check out current deals!

Shop current deals