Yahoo confirmed Thursday that at least 500 million usernames and passwords were stolen by hackers back in 2014. The company isn’t saying who exactly is behind the attack, blaming an unnamed “state-sponsored actor.”
If you have a Yahoo (YHOO) account, what should you do now?
First, log in to your account and change your passwords. Never use the same password for more than one site — if you’ve been doing that, the hacker(s) who attacked Yahoo could use that password to gain access to your other accounts across the web, so change your other passwords too.
If you have trouble remembering more than one password, consider a password management program like 1Password or LastPass. (These programs can also generate secure passwords that are a jumble of letters and numbers, which are harder to guess than passwords you might think up on your own.)
For more, read: Could Yahoo Hack Kill the Verizon Deal?
Second, turn on two-factor authentication for your Yahoo account. This will require you to have your smartphone handy when you log in to your Yahoo account, meaning a hacker will need more than just your password to get access. Here’s how to do it.
Third, consider using Yahoo’s “Account Key” feature, which replaces written passwords with a smartphone app. It’s like a souped-up version of the step above. Here’s how to do it.
Get Data Sheet, Fortune’s technology newsletter.
Hacks like these are a good reminder of how important it is to practice good password hygiene. It’s generally a good idea to be constantly changing your passwords, using password managers, and turning on two-factor authentication whenever possible for any service you use.
This story was originally published on Time.com.