For years, a basic tenet of computing security has been to set up two accounts on all Windows systems; one an administrator-level account that provides full rights to a system and system management, and the other a standard user account that has fewer privileges.
In Windows 10, you can still set up a second “standard” account for better security (limiting what malware might do on your system), but the operating system’s use of MS and local accounts makes the process more complicated. Here’s how it works.
Using a local account for better security
With Windows 10, the best-practice of creating an account with fewer privileges seems to be nearly forgotten — mostly due to Microsoft’s push to have all Win10 users signing in with a MS account. But setting up a local/standard account can both help thwart malware and give you a bit more privacy from Microsoft.
Before I show how to set up a local account, it’s important to understand the difference between account types. More specifically, you should keep in mind that both Microsoft and local accounts can be set up as either “administrator” or “standard.”
There are, of course, numerous pros and cons to each type/combination of account; an MS Community thread gives a relatively accurate summary and links to more information. In brief, a local account gives you more privacy but less convenience; an MS account gives you one-point sign in for both OS and some applications, but there’s also some potential loss of privacy — and security.
Security is a prime example of the give and take with Windows 10. A Microsoft account can use the same username (email address) and password for virtually everything: signing in to the OS, signing in to your online Microsoft services (email, cloud storage, etc.), and synching settings between personal Win10 devices. However, if someone acquires your credentials, you’re essentially giving them keys to your kingdom.
On the other hand, if you forget your password, a MS account can give you the opportunity to recover it via an online reset. With a local account, you have to use another process, described below. For more information on MS accounts, see the online FAQ. That site also has a link to the online Account support page, where you can manage your account settings.