S 4.27 Password protection in laptop PCs

Initiation responsibility: Head of IT Section, IT Security Management

Implementation responsibility: IT-user

Each portable PC (laptop) should be provided with password protection preventing unauthorised use of the PC. The rules to be observed in the use of passwords are listed in S 2.11 Provisions governing the use of passwords. For modern laptops, the BIOS boot password should be activated if its use is possible. The computer will only start up after the correct boot password has been entered.

If no password routine has been installed, the saving of sensitive, unencrypted data on the hard disk should be prohibited; instead, such data should be stored only on floppy disks. Such diskettes must be kept separately from the laptop, e.g. in a briefcase.

Some laptops also offer the power save option which can be activated by a specific key combination. Use of the portable PC can only be continued after entry of the appropriate password. Where a power save function is offered, it should be used for short intermissions. If it can be foreseen that there will be a longer break, the computer should be switched off.

Additional controls:

• Are passwords used for portable PCs? Are the rules for proper handling of passwords being complied with?

• When a laptop is handed over to another person, will its password be altered?