Early computer systems were protected by physical security. These computers were kept in locked rooms and often had around the clock security or were used around the clock because of their extreme cost. The first challenge to computer security came with remote terminals. The terminals were often distributed throughout a building or campus, and did not receive the same security as the computer.
To meet this challenge, computer operating systems were equipped with user accounts. Each user account was protected by a password. A user at a remote terminal could not access the computer without his assigned password. In these early systems, the password control formed part of the operating system. The computer itself had to remain secure or the user account and password security was useless.
With the advent of personal computers, operating system or application software security systems became unreliable. An unauthorized user could simply turn off the computer and restart it using software from an external source, such as a floppy disk. In response to this new threat to security, personal computers were equipped with BIOS (Basic Input Output System) based software passwords. A BIOS based password program runs before control of the computer is given to any disk based software. This prevents an unauthorized user from accessing data by starting the computer from a floppy disk or using other means to change the disk based software.
While the BIOS based security software is better than disk based security software, it still does not protect data removed from the computer. An unauthorized user can remove a hard disk or other mass storage device from a protected computer and read the data using another computer. Many computers now come with easily removable hard disks. This is particularly common in servers and portable computers. Removable hard disks make it easier than ever to bypass a computer's security by moving data to another computer.