1. Field of the Invention
The present invention relates in general to the field of information handling system password protection, and more particularly to a system and method for access to a password protected information handling system.
2. Description of the Related Art
As the value and use of information continues to increase, individuals and businesses seek additional ways to process and store information. One option available to users is information handling systems. An information handling system generally processes, compiles, stores, and/or communicates information or data for business, personal, or other purposes thereby allowing users to take advantage of the value of the information. Because technology and information handling needs and requirements vary between different users or applications, information handling systems may also vary regarding what information is handled, how the information is handled, how much information is processed, stored, or communicated, and how quickly and efficiently the information may be processed, stored, or communicated. The variations in information handling systems allow for information handling systems to be general or configured for a specific user or specific use such as financial transaction processing, airline reservations, enterprise data storage, or global communications. In addition, information handling systems may include a variety of hardware and software components that may be configured to process, store, and communicate information and may include one or more computer systems, data storage systems, and networking systems.
One concern with the use of information handling systems is the security of information stored or processed by an information handling system. Businesses often have confidential and sensitive information, such as customer lists and identities, that are stored on information handling systems which, if compromised, could lead to business difficulties or customer complaints. Individuals typically maintain private and financial information, such as medical and financial records, that are stored on information handling systems which, if compromised, could lead to embarrassment of or theft from the individual. In order to secure information, businesses and individuals typically invest in a variety of security applications that prevent access by unauthorized users, such as network password protection and firewalls. A cat-and-mouse game is often played between information technology administrators seeking to protect information and hackers seeking to illicitly acquire information. Often, security measures taken to secure information impact legitimate users with delays or inconveniences in using the information. For instance, users are typically required to have a password to access a network. If a user forgets the password or compromises the password, a network administrator generally must get involved to allow the user access to the network, such as by retrieving or changing the password.
One security risk that presents a particular danger to information is the physical theft of an information handling system. Desktop systems are generally kept in a physically secure area that makes theft difficult, however, laptop or portable systems are often exposed in non-secure areas that make them vulnerable to theft. For instance, businesses often supply portable systems to employees who travel frequently. These portable systems are often configured to connect with the business' network through the Internet or through a cradle located in the employee's office. Thus, physical theft of a portable system can expose the entire business' network to attack by exposing security information that allows remote access to the network. Individuals also often use portable systems to store private information that is subject to disklosure if the system is stolen. In order to counter the risk of physical theft, portable systems are generally protected by one or more passwords. For instance, hard disk drives have both a user password and a master password to access information. The user selects the user password for daily use while the master password allows access if the user loses or forgets the user password. Similarly, the BIOS often has user and administrator password protection to limit access to the information handling system to an authorized user or administrator. In the event that a user forgets a password, information technology administrators need access to the administrator password of the BIOS and the master password of the hard disk drive to access the system. However, if the master password of the hard disk drive is changed from its manufacture setting, the manufacturer of the information handling system cannot aid in the retrieval of the lost password. The ATA specification defines only two passwords for a hard disk drive. Because the irretrievable loss of a hard disk drive password is the equivalent from the user's perspective of a hard disk drive failure and often leads to service calls or system returns that increase a manufacturer's cost, information handling system manufactures typically enable one password for the user and retain the other password as a failsafe to use in response to a loss of a user password.