Why you should separate your admin account

Is your computer account an admin account?

Explore why this is a bad move and what you can do to make yourself safer.

Most people run their computers with administrative privileges. Often this is because you have always done so and have not considered a) the consequences of this and b) that there is another way!

If a malicious app or “BADGUY” gains access to your computer and you are logged in with admin privileges, this means that the app or bad person will *also* have these admin privileges. You can protect yourself by using a standard account as your primary account and then temporarily elevating permissions when you need to make administrator changes.

What’s the difference between admin accounts and standard accounts?

Administrator accounts (or admin accounts) have carte blanche to do what they want. They have permission to do just about everything on a machine – and clearly it is important that there is at least one account that has “access all areas” otherwise the computer wouldn’t be very useful.

Standard accounts are by definition less powerful. This is the correct account that people should use for day-to-day working. This account is intended to provide enough privileges so that you can perform typical tasks that any user may expect to; for example printing, surfing the web, getting on a video call to your boss. Generally, a standard user will not be able to install new software. There may be certain exceptions to this but the idea is that a standard user cannot make any fundamental change that may compromise the computer’s security or functionality.

If you run your computer as a standard user instead of an admin user, you are significantly reducing the risk of a rogue or malicious app infecting your computer.

This does not mean you can’t have admin rights!

Both Macs and Windows allow a standard user to perform “one-time” admin tasks by entering an admin username and password. For example, you are prompted to upgrade Google Chrome (sensible!). As you are running as a standard user the upgrade will not just happen by clicking “OK”. Your operating system will require an admin user to authenticate before the upgrade will take place. So – you will see a dialogue box appear on the screen asking for an admin username and password. Assuming you do know these, entering them will allow the upgrade to take place. But once this has completed, you will not be able to install anything else as is, because the rights you gained by entering those admin credentials were *just for that single* task.

Creating standard accounts

In our handy guide below, we show you, step-by-step, how to create both standard and admin accounts for a Mac or PC. Typically, if you are already using your computer as an administrator, you would create a new admin account and demote your existing account.

Windows

1. Open the “Settings” app.

2. Click on the “Accounts” icon.

3. Choose “Family & other people” from the sidebar.

4. Click “Add someone else to this PC” under “Other people.”

5. Click “I don’t have this person’s sign-in information” and then “Add a user without a Microsoft account” to skip the Microsoft account search. You can add this later. Windows Home users may not see this step.

6. Enter the username, password and password hint for your new administrator account. Click “Next” to complete the account creation.

7. Click on the account name and click the “Change account type” button.

8. Choose “Administrator” from the dropdown menu. You may need to restart your computer for this change to take full effect.

9. Log into your new administrator account.

10. Navigate to the “Family & other people” pane again. Click on your user account and change the account type to “Standard User.”

11. When you see a UAC prompt, enter the username and password of your new administrator account to proceed.

MacOS

1. Open System Preferences and choose “Users & Groups” from the bottom row.

2. Click the lock and enter your password to unlock the pane.

3. Click the “+” button to create a new account.

4. Choose “Administrator” from the “New Account” dropdown menu.

5. Set the username and password as you like. Make sure “Allow user to administer this computer” is checked at the bottom.

6. Log out of your current user, then log into your new user.

7. Select your previous account in the sidebar, and uncheck the box that says “Allow user to administer this computer” to convert your admin user to a standard user.

8. When prompted, restart your computer to downgrade your account.

9. Log back into your user account and use it as normal. Enter your new admin user’s username and password when you need to perform administrator tasks.
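Both procedures above create the new administrator before demoting the old one, so the computer is never left without a usable admin login. The script below is an added example, not part of the original guide, that makes the same check from the macOS Terminal. It assumes the one-line "GroupMembership:" output of dscl, which lists only direct members of the admin group; the function names and sample accounts are made up for illustration.

```sh
#!/bin/sh
# Added example: decide whether a macOS account can be demoted to "standard"
# without leaving the machine with no usable administrator.
#
# Input is the single line printed by:
#   dscl . -read /Groups/admin GroupMembership
# Assumption: only direct members are listed on that line.

# Print each member of the admin group on its own line.
admin_members() {
    printf '%s\n' "$1" |
        awk '$1 == "GroupMembership:" { for (i = 2; i <= NF; i++) print $i }'
}

# Succeed if user $2 appears in membership line $1.
is_admin() {
    admin_members "$1" | grep -Fxq -- "$2"
}

# Print the admins left after demoting user $2. root is skipped because
# its login is disabled by default, so it cannot answer an admin prompt.
other_admins() {
    admin_members "$1" | awk -v u="$2" '$0 != u && $0 != "root"'
}

# Print one verdict for user $2:
#   standard   - the account is not an administrator
#   safe       - an admin, and another admin would remain after demotion
#   last-admin - the only admin; create a second admin account first
demote_check() {
    if ! is_admin "$1" "$2"; then
        echo standard
    elif [ -n "$(other_admins "$1" "$2")" ]; then
        echo safe
    else
        echo last-admin
    fi
}

# Constructed sample: "alice" is the everyday account, "sysadmin" the new admin.
SAMPLE='GroupMembership: root alice sysadmin'
demote_check "$SAMPLE" alice                        # prints: safe
demote_check 'GroupMembership: root alice' alice    # prints: last-admin

# On a real Mac, check the account you are logged in with:
#   demote_check "$(dscl . -read /Groups/admin GroupMembership)" "$(id -un)"
```

A verdict of "last-admin" means the new administrator account from step 3 has not been created yet, so the demotion in step 7 should wait.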

While using a standard user account might be slightly more annoying, it does provide security benefits that can protect you in the event of a security failure.