I agree, but that wasn't the question. Anyone with a screwdriver can
get around passwords.
In the context of Windows and BIOS, without considering Hardware, as
he didn't seem to think about hardware, BIOS passwords are stronger
than Windows passwords except when EFS is used.
My view here is very different from yours. First, when you're talking about
security, I think it's a mistake to try to separate hardware vulnerabilities
from software ones. Vulnerabilities are equally dangerous whether you get to
them with a screwdriver or a keyboard. Good protection protects you from
anyone, regardless of what kind of tool he has.
Second, when you think about restricting access to the computer, you have to
think about who the invader is you want to keep out. Is it a casual
passer-by at your office at work, who wants to see what you're doing? It is
your eight-year-old son? Is it your adult brother-in-law who is visiting
your house? Or is it a burglar who has stolen your computer, taken it home,
and has all the time in the world to break into the system and look at your
personal and financial data.
For all but the last of these, either a BIOS passwword or a Windows one is
probably adequate. For the last one, neither is.
That last point is the main point I wanted to stress. Unfortunately many
people think that such passwords provide them with real protection against
people like that burglar, but in reality, they hardly even slow him down in
getting to your data.