Every person who uses your computer is called a user. When two or more people share a single computer, you can set up a user account for each person. Giving each person a user account is a lot like giving each person their own separate PC, but a lot cheaper. Each user can personalize the desktop and other settings to their liking. Each person can have his or her own separate collection of pictures, music, videos, and other documents. Each user can also set up his or her own separate e-mail account. User accounts allow parents to create and enforce parental controls in Windows Vista. This is a great boon to parents who can’t always monitor when and how children use the computer. Parental controls allow you to control and monitor children’s computer use 24 hours a day, 365 days a year, even when you’re not around to do it yourself. User accounts also add a level of security to your computer. Many security breaches occur not because of a problem with the computer or Windows. Rather, they occur because the user is in an account that grants malware (bad software) permission to do its evil deeds. Of course people don’t realize they’re granting permission, because the program doesn’t ask for permission. It gets its permission, automatically, from the type of user account into which you’re currently logged. Creating and managing user accounts is easy. But before getting into the specifics of all that, let’s take a look at how you, as a user, experience user accounts.

Logging In and Out of User Accounts

In Windows Vista If you already have multiple user accounts on your computer, you see an icon for each one shortly after you first start your computer. To log in to an account, click its picture. If the user account is password-protected, you must also enter the password that protects that account from unauthorized entry.

Why Switch User Can Be Bad

When you use Switch User, rather than Log Off, to leave your account, all the programs and documents on your desktop remain open and in memory. This leaves less working memory for other users in their accounts. If multiple users consistently use Switch User to leave their accounts, you end up with lots of people’s stuff in memory all the time. The likely result is that the entire computer will run much slower for everyone. Furthermore, the whole system is more likely to crash, especially if you use older programs that were created before the advent of user accounts in Windows. Ideally, every user should log off from their account when they’ve finished using the computer. If you find that other users won’t stay with that plan, and the computer is often running slower than molasses in Antarctica, you can disable the Switch User option.

- Switch User: Lets you go to another user account without losing your place in the current user account. This is fine for temporarily using another account to perform a simple task (like checking e-mail).

- Log Off: This option closes all open programs and gives you the opportunity to save any unsaved work. Use this option when you plan to be away from the computer for a while.

- Lock: If your user account is password-protected, use this option to hide what’s on your screen and keep other people from using the computer under your user account. When you log back in, you’ll be right back where you left the computer. If your user account isn’t password-protected, then other people aren’t really locked out of your account. Anyone can come along, click your user account name, and be at your desktop.

Creating Strong Passwords In Windows Vista

I’ll talk about techniques for creating, managing, and password-protecting user accounts in a moment. But before I get into the details, I think it might be worthwhile to talk about passwords in general. Not just passwords for user accounts, but for all types of accounts you create, including online accounts. A password that’s easily guessed is a weak password. A strong password is one that’s not easily guessed, and is also immune to password-guessing attacks. The two most common forms of password-guessing attacks are the dictionary attack and the brute force attack. Both types of attacks rely on special programs that are specifically designed to try to crack people’s passwords and gain unauthorized entry to their user accounts. The dictionary attack tries many thousands of passwords from a dictionary of English terms and commonly used passwords. The brute force attack tries thousands of combinations of characters until it finds the right combination of characters needed to get into the account. Admittedly, both types of attacks are rare in a home PC environment.

They’re also easily frustrated by common techniques like forcing the user to wait several minutes before trying again after three failed password attempts. But nonetheless, the general guidelines used to protect top-secret data from password-guessing attacks can be applied to any password you create. A strong password is one that meets at least some of the following criteria: - It is at least eight characters long. - It does not contain your real name, user account name, pet names, or any name that’s easily guessed by other family members or work cohorts. - It does not contain a word that can be found in a dictionary. - It contains some combination of uppercase letters, lowercase letters, numeric digits, and symbols (like !, &, ?, @, or #). Again, I realize that few of us need Fort Knox security on our personal PCs. You don’t want to come up with a password that’s difficult to remember and a pain to type. But any steps you take to make the password less susceptible to guessing are well worth some effort. Some Web sites offer password checkers, programs that analyze a password and tell you how strong it is. See www.microsoft.com/athome/security/ privacy/password_checker.mspx for an example. Or go to any search engine, like www.google.com, and search for password checker.

Remembering passwords

The most common problem with passwords is forgetting them after the fact. When you set up a password for a Web site, you can usually find out what it is just by clicking an “I forgot my password” link at the signin page. But there is no such link for passwords that protect your Windows user accounts. Therefore, it’s extremely important that you not forget your Windows passwords! Before you even think about password-protecting a user account, you should write the password down on a sheet of paper. Make sure you use exactly the same uppercase and lowercase letters that you’ll be typing. All passwords are always case-sensitive, which means uppercase and lowercase letters count big time! For example, let’s say you jot down your password as tee4me!0 (where that last digit is a zero). But later you type it in as Tee4Me!o (with the last digit being the letter “o”). Still later you forget the password and dig out the sheet of paper. The tee4me!0 you wrote down won’t work, because the password is actually Tee4Me!o.

On a typewriter, the number 0 is basically the same as an uppercase letter “O.” The number 1 is basically the same as a lowercase letter “l.” But that is not true of computers. You must use the 1 and 0 keys near the top of the keyboard or on the numeric keypad to type 1 (one) and 0 (zero).

Devising a password hint

With Windows passwords, you can also specify a password hint to help you remember a forgotten password. But still, it’s tricky. Anyone who uses your computer can see the password hint. So the hint can’t be so obvious that it tells a potential intruder what the password is. By the same token, the hint might trigger your basic memory of the password. But perhaps not the exact uppercase and lowercase letters you used. So you need to have that written-down password handy in case of an emergency. Of course, that written-down password won’t do you any good if you can’t find it when you need it. And it won’t offer much protection is it’s in plain sight where anyone can see it either. So the bottom line on remembering and jotting down passwords is simple: There is no margin for error. A password that’s “sorta like” the one you specified is not good enough. It must be exactly like the one you specified. You must treat passwords as though they are valuable diamonds. Keep them safe, keep them secure. But don’t keep them so safe that even you can’t find them! Okay, that’s enough general advice about passwords. Next we need to talk about types of user accounts.

Types of User Accounts

In Windows Vista Windows Vista offers four basic types of user accounts, the built-in Administrator account, user accounts with administrative privileges, standard accounts, and a Guest account. They vary in how much privilege they grant to the person using the account.

The built-in Administrator account

There is a single user account named Administrator built into Windows Vista. This is not the same as an administrative account you create yourself or see on the login screen. This account is hidden from normal view. It doesn’t show up on the usual login screen. The built-in Administrator account has unlimited computer privileges. So while you’re logged in to that account you can do anything and everything you want with the computer. Any programs you run while you are in that account can also do anything they want. That makes the account risky from a security standpoint, and very unwise to use unless absolutely necessary. In high-security professional settings, a new computer usually goes straight to a highly trained and certified network or security administrator who logs in to the Administrator account to set up the computer for other users. There the administrator configures accounts on the principle of least privilege, where each account is given only as much privilege as necessary to perform a specific job. The administrator also sets up a user account for himself. That account also has just enough privilege to do day-to-day computer tasks. Once the administrator is finished, he typically renames the built-in Administrator account, and password-protects it, to keep everyone else out. The account is always hidden from view, except from other administrators who know how to find it. All of this is standard operating procedure in secure computing environments, though hardly the norm in home computing. In Windows Vista, there’s really no need for you to find, log in to, and use the built-in Administrator account unless you’re an advanced user with a specific need, in which case you can get to it through Safe Mode. As a regular home user, you can do everything you need to do from a regular user account that has administrative privileges.

Experienced users who need access to the built-in Administrator account can get to it through Safe Mode. But if you’re not a professional, I suggest you stay away from that and use an administrative account, discussed next.

Administrative user accounts

Most of the time when you hear reference to an administrator account in Windows Vista, they’re talking about a regular user account that has administrative privileges. This is an account that has virtually all the power and privilege of the built-in Administrator account. But it also has a lot of security built in to help thwart security threats that might otherwise abuse its privileges to do harm to your computer. Ideally, you want to create one user account with administrative privileges on your computer. If you intend to implement parental controls, you’ll need to password-protect that account to keep children from disabling or changing parental controls.

Standard accounts

A standard user account is the kind of account everyone should use for day-to-day computer use. It has enough privilege to do day-to-day things like run programs, work with documents, do e-mail, and browse the Web. It doesn’t have enough privilege to make changes to the system that would affect other people’s user accounts. It doesn’t have enough privilege to allow children to override parental controls. And most importantly, it doesn’t have enough privilege to let malware like viruses and worms make harmful changes to your system. If you use a standard account all of the time, and use a built-in administrative account only when absolutely necessary, you’ll go a long way toward keeping your computer safe from Internet security threats.

Guest account

The optional Guest account is there to allow people who don’t regularly use your computer to use it temporarily. Basically it will let them check their e-mail, browse the Web, maybe play some games. But it definitely won’t let them make changes to your user account or anyone else’s. And its limited privileges also help protect your system from any malicious software they might pick up while online.