XPost: alt.comp.os.windows-10   
   From: mariasophia@comprehension.com   
      
   Brian Gregory wrote:   
   > On 20/01/2026 20:43, Maria Sophia wrote:   
   >> Brian Gregory wrote:   
   >>>> Unless you're Jeffrey Epstein, they likely want the hardware, not the   
   >>>> data.   
   >>>   
   >>> Duh! We're dealing entirely with unlikely situations here. My laptop   
   >>> isn't stolen regularly, say about once every year.   
   >>>   
   >>> Stolen laptops, from domestic homes are likely to be quickly sold for   
   >>> drug money in some back alley to someone who will then have a long   
   >>> time to go through their contents and work out how to use anything   
   >>> interesting they find.   
   >>   
   >> I'm making a philosophical point, which is who needs marketing gimmicks?   
   >>   
   >> I've never been 'burgled' but if I was, my passwords are in KeepassXC, and   
   >> my financial data is in veracrypt containers, so all they get are my pics.   
   >>   
   >> Which is the key point, really...   
   >> We don't *need* silly marketing security (e.g., biometric gimmicks) for a   
   >> home computer as long as we don't live in the slums... :)   
   >   
   > You don't need to leave the blank checks in you checkbook (did I spell   
   > it the correct way for you US types?) unsigned. But I bet you do.   
   >   
   >   
   >> If we live in the slums, then by all means, we need those silly marketing   
   >> gimmicks, and, unfortunately, on iOS devices, the gimmicks are required.   
   >   
   > Unlike in the USA, there don't seem to be many slums left in my country.   
   >   
   > I have pictures of the children of relatives. They would be unhappy if I   
   > said some random thief had these pictures and I totally understand why,   
   > when you hear what paedophiles have been known to use them for, or even   
   > just what Grok lets you do with them.   
      
   Hi Brian,   
      
   We can delve deeper into edge cases, but the main question was whether a   
   home user needs BIOS passwords on a Windows system. My view   
   is that BIOS passwords may not protect the data that actually matters.   
      
   Some important data on a typical Windows laptop that needs protection are   
   passwords and financial or medical records which I focused upon, although   
   pictures and anything else can be added into that category if you like.   
      
   Those are likely stored in encrypted containers if you use tools like   
   Veracrypt and KeepassXC (although I'd have to check how to automate that   
   for photos). While that is partial encryption, not full disk encryption, my   
   observation is that it may be enough for most home users because the   
   sensitive material is isolated without having to enter a password (or   
   biometric marketing gimmicks) constantly, every day of the year.   
      
   A BIOS password does not protect any of that (AFAIK). A thief can remove   
   the drive and read it. Biometrics do not protect it either. They only   
   unlock the Windows session. Once the drive is out of the laptop, the   
   biometric layer is irrelevant (AFAIK).   
      
   So my practical Windows security model for a home environment is this:   
      
   1. Encrypt the small amount of data that actually matters, such as   
   passwords and financial records.   
   2. Keep that data in Veracrypt containers or a password manager.   
   3. Do not rely on BIOS passwords or biometrics to protect data on a   
   stolen device because they do not address that threat.   
      
   Biometric marketing gimmicks solve a convenience problem, not a data   
   protection problem. If we have a real fear of the people around us, that is   
   a different threat model, but most home users do not need that level of   
   control (IMHO) in terms of the frequency of passwords they enter.   
   --   
   All my assessments are based on a deep study of occams razor constraints.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)