While modern operating systems like Windows 11 are designed to be secure, there are a few additional things that we can do to further protect our computing devices. A few BIOS/UEFI settings make everything on our PCs more secure, and they only take a few seconds to set up. The best thing is that these protections run before the computer has even fully booted up, cutting off potential attackers before they have a chance to start.

3 Set a BIOS password

The best security is often the simplest

If you work with sensitive information, you know the importance of not letting unauthorized users on your computer. If you don't, you might be wondering what someone could access if they get hold of your laptop or desktop. Well, the answer is everything. If they can boot into your computer, they can get your data by using a Linux live disc to copy anything they want off your hard drive.

To stop anyone but you from being able to boot your computer, you need to set a BIOS password. Boot your PC into BIOS, and search for Administrator Password. It will ask you to type in a password twice, and that's it. Now, every time someone tries to switch on your computer, it will ask for that password before it boots. Anyone without the password will be stuck, keeping your computer secure.

2 Turn on Secure Boot

You want this if you're using Windows 10 or 11

Secure Boot is one of the most important security features on modern computers. It checks all the software installed on the computer to ensure it can be trusted, including UEFI firmware drivers, EFI applications, and the operating system. It's a requirement for running Windows 11, so your computer might already have it enabled, but some Linux distributions and Windows 10 also use it. If you've built your own computer, there's a chance Secure Boot isn't already enabled.

The good news is that it doesn't take long to check if Secure Boot is enabled or to enable it if not. You can also do it without having to reboot your computer by opening the Start menu, typing msinfo32, and pressing Enter. The first page of information will have a field called Secure Boot State, which will either be On or Off. If you find it's off, re-enable Secure Boot in your PC's firmware, which varies by manufacturer and if it's a laptop or desktop.

1 Make sure TPM is enabled

Windows 11 needs this enabled anyway, but it's good for other operating systems

For the first time in a long time, Windows 11 increased the minimum hardware requirements needed to run the operating system. One of the biggest changes was a forced requirement for a Trusted Platform Module (TPM) to be installed, so if you're running Windows 11 on your laptop or desktop, you're already ahead of the curve on this one.

If you don't already have TPM enabled, it's time to reboot into BIOS/UEFI. If you've got an AMD motherboard, have a look for TPM 2.0 and enable it. Most motherboards' BIOS have a search function, which will make it easier to find. On Asus motherboards, it's F9, but it should show up on the main BIOS screen so you can easily select it. If you're using an Intel motherboard, you'll be searching for Intel PTT, or Platform Trust Technology, which is the same thing. If you can't find a software TPM on your motherboard, you can buy a physical TPM for your desktop PC, which is around $20, and plug it into a dedicated socket that you can find the location of in your motherboard's manual.

With a few small BIOS changes, your computer will be more secure

Modern computers are already pretty secure, but there are some things that you can do to be more protected. A BIOS password is one of the biggest moves that you can make, because if people can't access the computer at all, it's already secured at the onset. The other thing to keep your computer secure is to regularly check for BIOS updates, and apply them if you see they mention security fixes. Even if they don't explicitly say it, the latest BIOS version is likely to have bug fixes that will also help with security.