Page History

Keeping your credentials safe is crucial if your OFBiz instance is connected on Internet, even if it's only through smartphones. If a hacker get one of your credentials your OFBiz instance would be compromised. At this stage OFBiz can't help and there is nothing you can do, it's too late.

There are many ways to theft credentials:

• Phishing
• Password attacks
• Keyloggers and malware that spy on what you type
• Man-in-the-middle (MitM) attacks that intercept your data
• Credential dumping tools like Mimikatz
• Good old-fashioned social engineering that tricks people into spilling the beans

Fortunately there is a safe way to prevent that: MFA (Multi-Factor Authentication).

There is though one very rare case that can't be covered by MFA:  physical means. For instance if an employee is blackmailed or disgruntled he could.

If it still exists when you read here you may find more information at https://www.huntress.com/cybersecurity-101/topic/credential-theft-cybersecurity-guide