There has long been, and I guess still is, advice to use a standard user rather than administrator account to limit the things that can be done by malware. Until recently I've always used an administrator account despite this advice. After recently seeing a report stating that an extremely large percentage of vulnerabilities cannot be exploited on a standard user account, I started experimenting with using one.

Now, I somewhat frequently get a request for an administrator password. Supplying one causes, I guess, the operation being performed to be performed as if done by the administrator account. I think that if I were using an administrator account, the same actions would result in a UAC prompt to which I would have to respond in the affirmative to allow the action to occur.

My question is why is forcing myself to provide an administrator password safer than clicking Yes in a UAC prompt?