When Security goes Bad

Whenever any hacker comes in contact with any form of security, his first thought is always, “How could someone bypass this.” This is the question that has been fueling the world of software security for decades. After all security is a good thing, security keeps us and our information safe. But what happens when something is too secure? This is not a typical question to ask oneself, especially in a world where the only way to completely secure your computer from malware is to completely unplug it from the wall. However, when something is too secure the effects can be as devastating as insecurity.

My older laptop is a Toshiba Satellite M105 with a Phoenix Trusted Core BIOS. One day as part of an experiment, I set a BIOS password on the computer. A week passed before I returned to thus particular project, and I could no longer remember the BIOS password. I thought it was no big deal, and looked up the Phoenix backdoor passwords which included BIOS, CMOS, phoenix, and PHOENIX. After trying the first three, my computer shut off, and after the last I was still locked out. An hour later I had disassembled my laptop and taken a soldering iron to the BIOS battery. A few hours later I hoped the BIOS would forget the password. I got a bad checksum error, but when I tried to continue I was again prompted for the password. I understand the backdoor passwords not existing, because thats just stupid, but there is no way for me to recover this password short of reprogramming part of the BIOS and replacing a chip. There is a plausible possibility that I might not get to use that computer ever again.$700 down the drain to good security.