Also, and though I note the admin/root distinction you mention below, please please, please people, regardless of what OS you run, create separate accounts for admin and daily use. Never do your daily stuff in and admin account - and only provide the admin user/password when prompted if you fully understand what it is you're about to do.
The easiest attack vector under any computer security model is trying to elicit a mistake from a privileged user.
There’s rarely any reason to have an admin account on MacOS. In contrast Windows defaults to an admin account although many actions will trigger UAC. The problem is that the more actions trigger UAC, the more accustomed you will be to pressing ok. Mac is not immune, with its sudo action password popup.