# Keeping Your Account Secure
## Overview
Your PBR account gives access to email, files, financial systems, and customer data. Keeping it secure is your responsibility — and one of the most important things you can do to protect PBR.
---
## Strong Passwords
- Use a **long passphrase** — three or four random words are more secure than a short complex password (e.g. *correct-horse-battery-staple*)
- Never use your PBR password on any other website or service
- Never share your password with anyone — including IT staff. IT will never ask for your password
---
## Multi-Factor Authentication (MFA)
MFA adds a second layer of security to your account. Always approve MFA prompts yourself — if you receive a prompt you did not initiate, **deny it immediately** and contact IT Helpdesk, as someone may be attempting to access your account.
See: [Multi-Factor Authentication (MFA)](https://bookstack.pbr.org.au/books/multi-factor-authentication-mfa)
---
## Lock Your Screen
Always lock your screen when stepping away from your computer — even briefly.
- **Windows shortcut:** Windows key + L
- Your screen will also lock automatically after a period of inactivity
---
## If You Think Your Account Has Been Compromised
Contact IT Helpdesk **immediately** if you:
- Receive MFA prompts you did not initiate
- See emails in your Sent folder you did not send
- Cannot log in with your normal password
- Accidentally entered your password on a suspicious website
- Accidentally clicked a link in a suspicious email
The faster we know, the less damage can be done. There is no shame in reporting — acting quickly is what matters.
**IT Helpdesk:**
---
## Approved Devices Only
Only access PBR systems on PBR-issued or IT-approved devices. Do not log into PBR systems on personal computers at internet cafes, libraries, or shared kiosk devices.