Just over an hour ago, the Washington Post broke the news that the Office of Personnel Management suffered a security breach from Chinese hackers this past December. You can find the unfolding story here.

As of now, it’s been confirmed that personally identifiable information (PII ) of around 4 million past and present federal employees may have been compromised. PII could include job assignments and performance ratings. It also includes information that verifies that you are you, in person and on the web.

If you were affected by this breach:

The OMP will be “offering credit report access, credit monitoring and identity insurance and recovery services to potentially affected individuals” to help with the aftermath. But you shouldn’t stop there.  It is critical that you change your passwords to protect accounts that you may not even know are at risk.  Particularly those that are weak and include any PII as a root word or reminder.

For everyone else, never use personally identifiable information in your passwords:

Just don’t do it.

PII is used to crack passwords (that can then be used to crack online accounts, like banks, and steal your identity). If you use PII in your password, you’re tying the security of all your online accounts together and making them all weaker.

Instead, protect your passwords the way you protect your home. The same way that you wouldn’t get a home alarm system without having a lock on your front door, you need strong passwords protecting your accounts before you worry about monitoring for break-ins.

With Dashlane, strong passwords are easy to manage. Dashlane creates and remembers them for you, and then logs you in securely and automatically. The best part? It’s free.

If you already use Dashlane, there’s no better time to share it with a friend. It’s part of the pack of tools that everyone needs to protect themselves online.