HP ProtectTools password guidelines - White Paper
Introduction
The purpose of this paper is to describe how HP ProtectTools Security Manager for Microsoft Windows
implements password filter logic and to explain the requirements for setting a proper Windows
password when using HP ProtectTools. HP has implemented the One Step Logon feature through HP
ProtectTools software on 2008 and newer commercial HP Notebook PCs. The HP ProtectTools Security
Manager wizard enables various security levels to protect the computer system and data from
unauthorized access. Three security levels can be set:
HP Credential Manager—Consolidates user passwords and network accounts into a single data unit
called User Identity, which is protected by strong authentication and encryption methods
Preboot Security—Protects your computer before it boots the operating system (OS)
HP Drive Encryption—Protects data on your computer by encrypting the hard drive
In addition, you can select a single security login method for authentication at all security levels. The
possible login methods include using a Windows® password or fingerprint sensor. When the Windows
password is used as the login method, and all security levels are enabled, the One Step Logon feature
requires you to enter the Windows password only in the Preboot Security environment or in the full
volume encryption (FVE) preboot environment if BIOS isn't enabled. Then the One Step Logon feature
verifies your password at all subsequent security levels and logs you in to the appropriate Windows
account. However, you can be locked out of the computer if you select a Windows password that is
rejected at the Preboot Security or Drive Encryption levels. This can occur if you select or change your
Windows password when the input locale setting of the computer is different from the physical
keyboard being used.
Windows supports hundreds of input locales. Each locale is a set of information based on user
preferences related to language, environment and/or cultural conventions. For example, a user may
choose to type a password in German using the International US keyboard layout or by setting up a
password combining words from different languages. This makes password verification more difficult
because input language translation (localization) support is limited at the Preboot Security and HP Drive
Encryption levels. In Windows it is possible to mix keyboard layouts within a single password,
particularly by using the right-ALT key in conjunction with the numeric keypad to enter characters.
Pre-boot environments do not support all keyboards or keyboard combinations that are possible within
Windows. It is the role of HP ProtectTools Security Manager to prevent the user from being locked out
due to password rejection at the Preboot Security and/or HP Drive Encryption levels.
Overview of HP ProtectTools Security Manager
With respect to typed authentication tokens such as passwords and HP Spare Key answers, the goal of
HP ProtectTools Security Manager is to apply filters when the Windows password is set up or changed
to ensure that the password can be typed at the Preboot Security level or Drive Encryption level. This
filtering prevents the user from being inadvertently locked out of the computer by rejecting passwords
that require a combination of keyboards or an unsupported keyboard layout. HP ProtectTools Security
Manager achieves its goal by passing the keyboard layout information to the Preboot Security and
Drive Encryption software. Preboot Security and Drive Encryption use preloaded tables of characters to
map key strokes from scan code to Unicode based on the supported keyboard layout. When you enter
a password before the OS starts, the Preboot Security and Drive Encryption software convert your key
strokes to the correct Unicode characters based on the key mapping table. Each software component
compares the entered password with the stored password.
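The sketch below is an added example, not HP's code. It models the filter and the preboot scan-code lookup described above, and shows how a layout mismatch makes a correct password fail the comparison. The tables are constructed and partial (PC set 1 scan codes, unshifted keys only), and all function names are hypothetical.

```python
# Constructed, partial scan-code tables (PC set 1, unshifted keys only).
# Illustrative only: these are not HP's preboot tables.
ROWS = {0x10: "qwertyuiop", 0x1E: "asdfghjkl", 0x2C: "zxcvbnm"}

def build_table(overrides):
    """Start from the shared letter rows, then apply per-layout differences."""
    table = {base + i: ch for base, row in ROWS.items() for i, ch in enumerate(row)}
    table.update(overrides)
    return table

LAYOUTS = {
    "us": build_table({0x1A: "[", 0x27: ";", 0x28: "'"}),
    "de": build_table({0x15: "z", 0x2C: "y", 0x1A: "ü", 0x27: "ö", 0x28: "ä"}),
}

def untypeable(password, layout):
    """Characters of the password that have no key in the given layout table."""
    known = set(LAYOUTS[layout].values())
    return [ch for ch in password if ch not in known]

def pick_layout(password):
    """Filter step: the single layout that can type the whole password.
    None means the password mixes layouts or uses an unsupported one: reject."""
    for name in LAYOUTS:
        if not untypeable(password, name):
            return name
    return None

def keystrokes(password, layout):
    """Scan codes the keyboard sends when the user types the password."""
    reverse = {ch: sc for sc, ch in LAYOUTS[layout].items()}
    return [reverse[ch] for ch in password]

def preboot_decode(scancodes, layout):
    """Preboot side: map scan codes to Unicode with the table it was told to use."""
    return "".join(LAYOUTS[layout].get(sc, "\ufffd") for sc in scancodes)

def preboot_accepts(stored, scancodes, layout):
    """Compare the decoded entry with the stored password."""
    return preboot_decode(scancodes, layout) == stored

if __name__ == "__main__":
    for candidate in ("lazy", "schön", "schön;"):
        print(candidate, "->", pick_layout(candidate) or "rejected by filter")
    typed = keystrokes("lazy", "us")  # same physical keys in both cases
    print("preboot table us:", preboot_accepts("lazy", typed, "us"))
    print("preboot table de:", preboot_accepts("lazy", typed, "de"),
          "(decoded as", preboot_decode(typed, "de") + ")")
```
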
Preboot Security and Drive Encryption may implement additional methods to assist you when entering
your password. For example, in the 2008 and newer HP Notebook PC BIOS, if you fail to type a
password correctly, a soft keyboard is displayed on the screen so that you can click characters with the