Some Mac users, mostly those who have used Unix, prefer to run as normal rather than admin users, but most of us just use the single admin account created when we first set up that Mac. While there are good debates about preferences and protections, this article considers whether using a normal user account is any more secure than an admin one.
The two main types of user account differ primarily in the privileges they give. If you’re an admin user, you can do pretty well anything that macOS allows. In some cases, you’ll be asked to authenticate before proceeding, even in parts of System Settings. But, as an admin user, your password is good for anything so long as it isn’t locked down by macOS, for example by System Integrity Protection (SIP). Even then there are ways and means of disabling SIP if you need to.
A normal user account doesn’t have some of those privileges, though. In general, a normal user is limited to changing their own settings, but not those affecting the system more generally. For example, they can’t create another user account, or change the privileges of accounts. They can install apps, though, and can use their Apple ID and have full access to iCloud and all its features, including subscriptions.
In many cases, a normal user can still access features limited to admin users by entering the name and password of an admin user.
This can be significant for security. Malicious software may want to trick you into providing an admin user’s password so that it too can obtain elevated privileges. Running as a normal user won’t necessarily prevent that, as it could simply prompt you in the same way. If you seldom obtain elevated privileges when running as a normal user, then this might make you stop and think twice. But if you find yourself having to do this more frequently, you might be tricked into doing it without thinking.
There are a few unexpected features that aren’t available to the normal user, of which the most irksome is accessing the log. That does, for the moment, lock you out of some of my free utilities, although not SilentKnight. There are a few other apps that rely on your being an admin user that you might also regret.
In case you hadn’t noticed, macOS does a great deal to protect the privacy of user data. A traditional argument in favour of running as a normal user is that it separates your data from the system, and from other users. Thankfully, in all recent versions of macOS, you don’t need this any more: macOS is tucked away on a read-only snapshot on your System volume, and Privacy & Security work just the same whether you’re an admin or normal user.
All built-in macOS security protection applies equally to all users, regardless of their privileges. Gatekeeper, XProtect and XProtect Remediator all do exactly the same job, in the same way. When tested against samples of real malware, there’s no difference in their detection or response. The one snag, though, is that checking on XProtect Remediator currently relies on access to the log, or support for Endpoint Security monitoring (in Ventura only), which becomes more difficult when you don’t have admin privileges.
User account weaknesses
There are a few important cautions, which apply particularly to admin accounts:
- Never delete the primary admin account. You might get away with this if you have a secondary admin account configured, but it’s safer not to risk it even then.
- Never allow your Mac to log in automatically to any admin account. You shouldn’t do this with a normal account either, although there potential consequences aren’t as serious.
- Never use weak or guessable passwords for an account, particularly for an admin user.
- Unless you have a truly compelling reason, never enable a Guest account.
- Never authenticate as an admin user without knowing what that will do. Inspect and read that dialog carefully, and if you’re in any doubt, click on Cancel.
If you’re more comfortable with the more restricted privileges of a normal user account, then why not use one. But don’t think it’s going to improve security or privacy.