A user account is the account you use to sign in on your computer at home, school or work. Cybercriminals will target unsecure accounts and take advantage of poor security habits within the home and businesses. Their goal is to get access to your computer and steal your information. There are many ways to improve your account security, keep your accounts safe and avoid being the victim of a cyber attack.
Avoid using an administrator account for everyday use
There are two types of accounts you can use on a computer:
- a standard user account
- an administrator account.
These account types have different levels of access or privilege on your device.
- A standard user account has partial control of a computer. It does not have access to all files and programs stored on a computer and cannot change settings that affect all users of the computer. If a cybercriminal gains access to a standard user account, they will be limited by the permissions of the account and will not have complete access to the computer and your information. You should use a standard account for everyday tasks such as emails or web browsing.
- An administrator account has complete control of a computer. It can access all files and programs stored on a computer, and can change settings that affect all users on a computer. Administrator accounts are the ‘keys to the kingdom’ and should only be used when necessary.
Understand the risks
Cybercriminals can do a lot more damage if they get access to an administrator account and have complete access to your computer. This makes administrator accounts a main target for cyber criminals.
If you set up a computer where everyone has an administrator account, you may be risking your sensitive information. Someone may accidentally delete or lose files or programs with your information. They may also click a fake link and download a file containing malware. This is especially true for younger family members.
Imagine the caretaker of an apartment building using the master key as their personal key every day. It might seem like a good idea at first because it means they do not need to carry as many keys. Imagine what would be at risk for the caretaker and the rest of the building if that key was lost and fell into the wrong hands. This is a similar situation to using an administrator account every day on your computer.
Change your user account type
You can check what account type you are using in the settings menu of your computer.
- For Microsoft Windows, use Control Panel or Settings to change your account type from Administrator to Standard. For more information, visit Microsoft’s website.
- For Apple MacOS, you can set up standard accounts in System Settings. Advice on how to do this can be found on Apple’s website.
- You will also need to maintain a dedicated administrator account that is not for everyday use. Only use this account for tasks that require administrator privileges, for example, creating new users. Keep this account protected with a strong password, such as a passphrase. Do not share the password for this account.
- Ensure that all users are set up with individual, standard user accounts. This will help limit the extent of access cybercriminals might gain if their accounts are compromised.
Secure your login
- All user accounts should be locked using a strong password or PIN. Do not make them easy to guess, like birthdays or simple numbers (for example, 1234 or 1111).
- Use a strong, unique passphrase as your password. Passphrases are a combination of random words, such as ‘crystal onion clay pretzel’. Use at least four different words and make it unique. Do not reuse your passphrase. See our advice to learn more about passphrases.
- Adjust your settings to lock your account when inactive for a set period of time, the shorter the better. This can be done through settings for Windows and system settings for Apple.
- Where possible, you should use multi-factor authentication (MFA) to add another layer of security to your accounts. MFA requires two or more different types of actions to verify your identity before logging in. See our advice to learn more about MFA.
- Consider alternative login features such as Windows Hello or Apple’s Touch ID. These login features provide a secure way for you to login using different methods such as biometrics (fingerprint, facial recognition) or PIN. Physical security keys are another option that can be used alongside a fingerprint or PIN instead of a username or password. See support from Windows and Apple to learn more about alternative login features.
Tips for Home
- Use standard user accounts for everyday tasks such as web browsing or online shopping. This will help protect data on other user accounts and limit access cybercriminals may gain on your home network.
- Avoid using a shared account for the whole family. All it takes is for one person to make an honest mistake and delete a file, or infect the computer with malware. Help protect your sensitive information by creating individual standard user accounts for your family members.
- Set up an account for your children with limited permissions. Children are particularly susceptible to cyber attacks such as clicking on malicious links or fake tutorial videos. Limiting the permission on their accounts will help keep them, and your sensitive information safe.
- Use parental controls on young family members’ accounts. These tools allow you to monitor and limit what your child sees and does online. By limiting their access online, you minimise the risk of them falling victim to cyber attacks. See the eSafety Commissioner’s advice for more information on parental controls.
Tips for Businesses
- Secure your business data by implementing the principle of least privilege. This means ensuring user accounts on your business network are given the bare minimum access required to perform their duties.
- Ensure staff members are using standard user accounts if their role does not require administrator privileges.
- Review account access and restrict where necessary. In a company, people go through many transitions (changing roles, promotions etc.). This means they possibly maintain access to many different parts of your business network that they no longer require. This is known as “privilege creep”.
- Avoid sharing accounts among employees. Shared accounts can increase the risk of cyber threats and make it difficult to detect and investigate malicious activity. Shared accounts make it difficult to link specific actions to specific employees and even harder to track cybercriminals on your network.
- Restricting administrative privileges is one of the most effective ways to ensure security of business networks and sensitive data. Restricting administrative privileges is also one of the Essential Eight measures from the Strategies to Mitigate Cyber Security Incidents. See our advice to learn more about Restricting Administrative Privileges.
For more information on protecting your business from cyber security threats, see our Small Business Cyber Security Guide.