Welcome to our peer-to-peer forums, where owners help owners. Need help now? Visit eSupport here.

English Community

ThinkPad NotebooksThinkPad: T400 / T500 and newer T series Laptops
All Forum Topics
Options

3 Posts

09-27-2018

Singapore

5 Signins

48 Page Views

  • Posts: 3
  • Registered: ‎09-27-2018
  • Location: Singapore
  • Views: 48
  • Message 1 of 2

Problem simulating lost user HDD password on T480

2018-09-27, 3:55 AM

Hi folks,

 

I have a T480, running 1.16 BIOS and an FDE enabled drive.

 

If I set user+master password for FDE, then assuming I'm in BIOS setup, I can use master password to specify a new user password. That's great.

 

However, I still need to the user FDE password to get into to BIOS setup in the first place. Even with a supervisor password set on the BIOS, the entry process is F1 > user FDE pass > supervisor pass.

 

This seems to completely negate the benefit of having a master FDE password. Imagine user forgets their FDE password, or is hit by a bus, etc. Administrator should, in posession of master FDE password and supervisor password, be able to access BIOS and change user password.

 

I have observed threads such as:

 

https://forums.lenovo.com/t5/ThinkPad-X-Series-Laptops/BIOS-disc-user-password-lost-X270-ssd/m-p/3791945#M79318

 

and another thread (cannot find it now) that advises pulling the drive in order to only need the supervisor password to access setup.

 

I don't quite understand this interaction. From my perspective, something broken about the password management.

 

Has anybody encountered any solutions for the above scenario?

Reply
Options

3 Posts

09-27-2018

Singapore

5 Signins

48 Page Views

  • Posts: 3
  • Registered: ‎09-27-2018
  • Location: Singapore
  • Views: 48
  • Message 2 of 2

Re: Problem simulating lost user HDD password on T480

2018-10-04, 3:25 AM
For those who might also wonder how to deal with this situation, I am adopting the following approach:

- Admin retains BIOS supervisor and FDE passwords
- User uses fingerprint to unlock FDE

If user loses their fingerprint, or we lose the user, we still have text-based password entry.

I'm not completely happy with this approach, as it may inconvenience the user if they temporarily damage their fingerprint, but it's still more convenient than restoring from backup if user loses password.
Reply
Forum Home

Community Guidelines

Please review our Guidelines before posting.

Learn More

Check out current deals!

Go Shop
X

Save

X

Delete

X

No, I don’t want to share ideas Yes, I agree to these terms