One device, multiple user accounts: Security is really worth it
Although it is mobile devices that dominate our digital day-to-day, a question that is increasingly being asked within families and between housemates or flatmates is just whose turn is it to use the PC or laptop right now? Whether you're doing online banking, writing a long text or planning a holiday — sometimes it is just more convenient to have a larger screen and a keyboard with buttons you can actually press down.
If you and your children use the same device, for example, you can set them up with their own user account that has fewer rights (e.g. to download programs or access the Internet). But it also just makes sense to have multiple user accounts if you want to protect your data against loss.
The risks
You can set up various user accounts on your PC's operating system. The 'highest-ranking' of these is the administrator account. The user rights that come with such accounts allow administrators to modify the system structures at their deepest level and are required to change certain settings or install programs. When you purchase a new PC with a pre-installed operating system, the administrator account is usually already set up. Lots of people do not bother to set up an additional user account — especially if they are the only person using the device. But this can have significant consequences if the user goes on to surf the Internet. If malicious code finds its way onto the PC, it can use the rights associated with an administrator account to burrow even deeper into the system in order to manipulate data, steal it or block the user from accessing their own device.
Data loss: Intentional or unintentional damage caused by other users
In situations where several people use the same device, such as in a family with more than one child, it is a good idea to set up a separate, password-protected user account for each user, with access rights that are appropriate for that individual. Taking this approach ensures private information can only be seen by authorised users and prevents other users from deleting or otherwise corrupting important data by mistake. Parental control features can also be enabled on accounts for minors.
Working with administrator rights or just one account
When setting up a user account for a new user, many operating systems give you the option to configure the scope of the rights granted to that new user. You can choose between administrator rights and restricted authorisations. Users who do not have administrator rights cannot install every item of software, for example, nor do they have access to system files. The administrator version is often selected because it is convenient. But having advanced access rights comes with a dangerous flip side: if the device is infected via the Internet (with viruses or worms, for example), this malware can then access the entire device and cause serious damage.
The protective measures
- Do not work with administrator rights
Avoid working with administrator rights wherever possible; log in as 'just' a user instead. You should only use the administrator option if you actually want to make in-depth changes to the system or install new programs, for example.
- Set up different user accounts
If your operating system allows it, set up a separate user account with its own scope of authorisations for every user. The 'Control Panel' in Windows Professional operating systems offers a function that enables you to do this easily. Users of Linux and Mac OS operating systems, where accounts with administrator rights are called 'root accounts', can configure the scope of their rights as well. In these operating systems too, it makes sense to set up two accounts with different rights for each user. Users can then perform their day-to-day tasks in their restricted-access account, without exposing themselves to increased risk unnecessarily.
- Always use up-to-date software
Firewalls and anti-virus software are an absolute must when doing any work via the Internet. Whoever is using the device at the time should always make sure the protective software is enabled. You should also ensure any security updates (patches) provided are installed on a regular basis. The operating system itself, programs like Media Player or the software used to access the Internet are often updated too. Many manufacturers offer services that will notify the users of their software products whenever updates become available by showing them an alert window. These services can be a useful support tool, but they cannot relieve individual users of their responsibility to ensure the software they are using is up to date. Instead, users should take a proactive approach to finding out whether software updates are available — by reading the BSI's newsletter 'Sicher • Informiert' ('Stay Secure • Stay Informed') or visiting the manufacturer's website, for example — and then installing them. Just one more important point about automatic alerts: programmers of viruses and worms are keen to misuse such features to trick you into installing malware.
So don't just click 'Yes' automatically if you are asked to consent to an update: actually read the prompt carefully. If anything in that text seems unfamiliar or suspicious to you, refer to the sources mentioned above to find out whether it really is a proper update.
- Restrict usage authorisations
There are several ways to protect against your data being read, modified or manipulated by other users of a shared computer, one of which is to use passwords to prevent misuse. But it can also be useful to only allow certain individuals to open and edit specific files by assigning file authorisations for them. Refer to the help section of the program in question for information on how this works for different file types (PDFs, Office documents, etc.).
- Restrict usage for children
As well as restricting usage authorisations for specific files as mentioned above, it can also make sense to use filter software in order to prevent certain websites being accessed, for example. You can find more information on the topic of 'children and computers' in the section on child protection on our website.
- Handle sensitive data on separate devices
You should not perform sensitive transactions such as online banking on a shared computer that is used by others. If there is no other option, make sure you never save any access data or passwords on the PC and always protect critical documents with a password.
- Taking good care of passwords
You should use password combinations that are at least eight characters long and made up of upper-case and lower-case letters, numbers and special characters. If using a shared computer, do not note down any passwords on a piece of paper by the screen for the sake of convenience. Nor should you use program features that remember your passwords for you — the information stored here can be easily spied on and misused.
- Clear your history
The 'History' function is an easy way of tracking which websites you have visited while surfing the Internet. If you do not want other users to be able to track you on your virtual travels, you should clear your history. In Internet Explorer, you will find this function under 'Tools' and 'Internet options'. In the Firefox browser, you can clear your history in the 'Options' menu on the 'Privacy & Security' page.
- Back up data on a regular basis
If computers are shared by multiple users, there is an especially high risk of operator errors or virus infections causing systems to crash and data to be lost. You should therefore get into the habit of backing up your data onto storage media like CDs or external hard drives on a regular basis.
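The first two measures above (not working with administrator rights, and separate accounts per user) can be checked on a Linux-style system by reading its account and group databases. The following is an added example, not part of the original page: it audits constructed sample data in /etc/passwd and /etc/group format, and the admin group names, the UID threshold of 1000 for login accounts and the `designated_admins` parameter are assumptions.

```python
# Added example. SAMPLE_* is constructed data in /etc/passwd and /etc/group format.
ADMIN_GROUPS = {"sudo", "wheel", "admin"}  # assumption: typical names, varies by system
NOLOGIN = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0:second root:/root:/bin/bash
anna:x:1000:1000:Anna:/home/anna:/bin/bash
anna-admin:x:1001:1001:Anna (admin):/home/anna-admin:/bin/bash
ben:x:1002:1002:Ben:/home/ben:/bin/bash
"""
SAMPLE_GROUP = """\
root:x:0:
sudo:x:27:anna-admin,ben
anna:x:1000:
"""

def parse_passwd(text):
    """Map account name -> (uid, primary gid, login shell)."""
    accounts = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and not line.startswith("#"):
            accounts[fields[0]] = (int(fields[2]), int(fields[3]), fields[6])
    return accounts

def admin_accounts(group_text, accounts):
    """Accounts in an admin group, as listed member or via primary gid."""
    admins = set()
    for line in group_text.splitlines():
        fields = line.split(":")
        if len(fields) == 4 and fields[0] in ADMIN_GROUPS:
            admins.update(m for m in fields[3].split(",") if m)
            admins.update(n for n, a in accounts.items() if a[1] == int(fields[2]))
    return admins

def audit(passwd_text, group_text, designated_admins, min_uid=1000):
    """Return sorted (account, finding) pairs for the two measures above."""
    accounts = parse_passwd(passwd_text)
    admins = admin_accounts(group_text, accounts)
    logins = {n for n, (uid, _, sh) in accounts.items()
              if uid >= min_uid and sh not in NOLOGIN}
    findings = [(n, "extra UID 0 account") for n, a in accounts.items()
                if a[0] == 0 and n != "root"]
    findings += [(n, "admin rights on an everyday account")
                 for n in (logins & admins) - set(designated_admins)]
    if not logins - admins:
        findings.append(("*", "no restricted account for day-to-day use"))
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_PASSWD, SAMPLE_GROUP, {"anna-admin"}):
        print(f"{name}: {finding}")
```

To run it against a real machine, pass the contents of the system's own passwd and group files and the set of accounts that are meant to be administrator accounts.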
Short URL: https://www.bsi.bund.de/dok/6599102