IBM/Lenovo Thinkpad Z61p
One of the primary reasons IBM/Lenovo has been so successful in the business world is their attention to detail when it comes to security. The Z61p includes a client security chip which is a hardware based chip with BIOS extensions designed to help protect user passwords and data. When the user first boots the machine he is presented with the screen below. By enabling the chip, the user can be protected in three critical areas: password protection, biometric protection, and disk data encryption.
The most useful feature in the Client Security Solution is the biometric fingerprint scanner. If the user decides to utilize this feature they are presented with a screen which allows them to record up to 21 different fingerprints. For our test we used three fingers, two on one hand and one on another.
Each finger recording required three successful swipes of the finger before it was registered as seen below.
Once we recorded the fingerprints, we had the option of setting up the system to do a strict Windows log on using our recorded fingerprints or to enable the bios extension which would present us a fingerprint screen upon log on. We chose the later option. We were also offered the option of having an alternate password used in the event someone else had to access our computer, which we also enabled. Upon the next power off and power on (not a warm reboot which does not require fingerprint authentication), we were presented with a fingerprint log on to successfully boot the system. Our choices included hitting "Esc" to log on with a password or to use the fingerprint scan. Again we chose the reader. It registered on the first attempt. At that point the system posted to the OS and immediately logged us in.
We did some additional testing and chose to cold boot logging in using the password by hitting "Esc" as opposed to the fingerprint scanner and when we got to Windows, it prompted for either a password or a finger rather than automatically logging us in. It is important to note that if a user forgets their power on password or cannot provide a correct fingerprint, then the system is rendered useless as there are no methods to bypass this security mechanism.
In addition to the Client Security software, Lenovo added additional password security in the BIOS for locking the hard drive. By enabling this feature, a user can lock the drive preventing access to its contents. Once enabled, if a user forgets his password, there is no recovery and no way to access the data, even if moved to another machine, however.