• Contact Sales
  • Subscription
  • Resellers
  • Support
Yubico Header Text LogoYubico Header Text Logo
Why Yubicoexpand_more
Why Yubico
  • Enterprises
  • SMBs
  • Individuals
  • Developers
  • Careers
  • Partner programs
  • Affiliate program
  • Contact Sales
  • Events
  • Press room
  • Yubico Blog
  • Yubico Executive Connect
  • About us
  • The team
  • Innovation history
  • Secure it Forward
Easy-to-use, secure authentication

With YubiKey there’s no tradeoff between great security and usability

Why YubiKey
  • phishing-resistant MFA
  • strong MFA
  • YubiKey
Proven at scale at Google

Google defends against account takeovers and reduces IT costs

Google Case Study
  • phishing-resistant MFA
  • strong MFA
  • YubiKey
Protecting vulnerable organizations

Secure it Forward: One YubiKey donated for every 20 sold

Learn about Secure it Forward
  • phishing-resistant MFA
  • strong MFA
  • YubiKey
Productsexpand_more
All products
  • YubiKey 5 Series
  • YubiKey 5 FIPS Series
  • YubiKey Bio Series
  • Security Key Series
  • YubiKey 5 CSPN Series
  • YubiHSM 2 & YubiHSM 2 FIPS
  • YubiEnterprise Subscription
  • YubiEnterprise Delivery
  • Yubico Authenticator
  • Computer login tools
  • Software Development Toolkits
  • YubiCloud
  • Using YubiKey is easy
  • Find the right YubiKey
  • Works with YubiKey
  • Compare YubiKeys
One key for hundreds of apps and services

YubiKey works out-of-the-box and has no client software or battery

Yubico protects you
  • phishing-resistant MFA
  • strong MFA
  • YubiKey
See YubiKeys as a Service
YubiEnterprise Subscription delivers scale and savings

Gain a future-proofed solution and faster MFA rollouts

See YubiKeys as a Service
  • phishing-resistant MFA
  • strong MFA
  • YubiKey
Solutionsexpand_more
Solutions overview
  • Zero Trust
  • Executive Order OMB M-22-09
  • Phishing-resistant MFA
  • Passwordless
  • Compliance
  • Cyber Insurance
  • Secure supply chain
  • Hybrid & remote workers
  • Secure privileged users
  • Mobile restricted environments
  • Call centers
  • Shared workstations
  • Microsoft ecosystem
  • Salesforce workspace
  • IAM solutions
  • AWS environment
The Bridge to Passwordless

Begin the journey to make your organization passwordless

Get the white paper
  • phishing-resistant MFA
  • strong MFA
  • YubiKey
Accelerate your Zero Trust Strategy

7 best strong authentication practices to jumpstart your Zero Trust program

Get the white paper
  • phishing-resistant MFA
  • strong MFA
  • YubiKey
Federal cybersecurity requirements

See guidance for CIOs and leaders to prepare for the modern cyber threat era

See Gartner® Report
  • phishing-resistant MFA
  • strong MFA
  • YubiKey
Industriesexpand_more
Industries overview
  • High tech
  • Federal government
  • State & local government
  • Education
  • Financial services
  • Manufacturing
  • Energy & natural resources
  • Retail & hospitality
  • Telecommunications
  • Healthcare
  • Pharmaceuticals
  • Cryptocurrency
  • Elections & campaigns
Manufacturing and supply chain security

Authentication best practices for manufacturing using highest-assurance security

Get the white paper
  • phishing-resistant MFA
  • strong MFA
  • YubiKey
Phishing-resistant MFA: Fact vs. Fiction

Meet requirements for phishing-resistant MFA in OMB M-22-09 guidelines

Get the white paper
  • phishing-resistant MFA
  • strong MFA
  • YubiKey
Secure energy and natural resources from cyber threats

Best practices for phishing-resistant MFA to safeguard your critical infrastructure

Get the white paper
  • phishing-resistant MFA
  • strong MFA
  • YubiKey
Resourcesexpand_more
All resources
  • Yubico Blog
  • Cybersecurity glossary
  • Authentication standards
  • Resource library
  • Developer program
  • Product briefs
  • Solution briefs
  • COVID-19 Resources
  • Case studies
  • Get a pilot started
  • White papers and reports
  • Webinars
BeyondTrust: secured with a subscription

A global leader in Privileged Access Management adopts YubiEnterprise Subscription to simplify its deployment.

How they optimized ROI
  • phishing-resistant MFA
  • strong MFA
  • YubiKey
Accelerate your Zero Trust Strategy

7 best strong authentication practices to jumpstart your Zero Trust program

Get the white paper
  • phishing-resistant MFA
  • strong MFA
  • YubiKey
Secure shared workstations against cyber threats

Shared workstations can be secured with phishing-resistant MFA.

Get the white paper
  • phishing-resistant MFA
  • strong MFA
  • YubiKey
Supportexpand_more
Support home
  • Find the right YubiKey
  • Set up your YubiKey
  • Downloads
  • Product documentation
  • Support articles
  • Support Services
  • Professional Services
  • YubiEnterprise Subscription
  • Sitemap
  • Cookies
  • Legal
  • Privacy
  • Patents
  • Terms of use
  • Trust
How to set up your YubiKey

Follow our guided tutorials to start protecting your favorite services.

Set up your YubiKey
  • phishing-resistant MFA
  • strong MFA
  • YubiKey
Find the best YubiKey for your needs

Take the guided quiz and see which YubiKey best fits your or your businesses needs.

Take the quiz
  • phishing-resistant MFA
  • strong MFA
  • YubiKey
Accelerate your YubiKey deployment

Technical and operational guidance for your YubiKey implementation and rollout.

Professional Services
  • phishing-resistant MFA
  • strong MFA
  • YubiKey
SubscribeStore
  • Home » Resources » Reference customers » Halborn case study
    featured customer

    Leading blockchain security firm Halborn protects global, remote team with YubiKeys

    Phishing-resistant MFA provides high-assurance authentication and seamless employee onboarding
    Halborn hero image
    Improved security
    Scalable solution
    Ease of use

    Blockchain security firm Halborn drives exponential growth, built on a solid security foundation with YubiKeys

    Halborn is an award-winning blockchain cybersecurity firm providing end-to-end security from smart contract audits and penetration testing to cloud automation. With the growth of cryptocurrency usage and crypto crime, costing up to $3.2 billion globally in 2021, Halborn’s services are increasingly in demand to help clients, including Layer 1 blockchains, infrastructure providers, financial institutions and app and game developers, stay safe in the new Web3 ecosystem.

    Halborn was founded in 2019 by serial entrepreneur Rob Behnke and Steven Walbroehl, a renowned ethical hacker with 25 years of cybersecurity security experience. Since its launch, it has self-funded its growth to over 100 employees, including 80 best-in-class security engineers from across the world. Halborn recently raised a $90 million Series A funding round to help accelerate the growth of its security team and the development of blockchain security SaaS products. 

    Halborn logo

    Key results:

    • Identity-based access control to secure systems and data
    • Scalable to support seamless onboarding for global, remote team
    • Seamless login to SSO through G Suite
    Contact Sales

    Remote work drives need to prioritize modern phishing-resistant multi-factor authentication (MFA)

    As a remote-only organization and one of the most trusted and fastest-growing Web3 security firms, Halborn has consistently prioritized its own security architecture. While traditional factors such as passwords or SMS are widely known and used, Halborn needed an extra layer to secure its whole team. When founding Halborn as a fully-remote organization, Behnke and Walbroehl relied on the YubiKey, Yubico’s phishing-resistant multi-factor authentication (MFA) security key.

    “As we started hiring individuals, remote work was a concern,” noted Walbroehl. “Information must be protected.” The award-winning YubiKey is built for security and trusted by the world’s largest organizations to help put a stop to phishing attacks and account takeovers. In fact, it was already a trusted solution used by Halborn CEO and CoFounder Rob Behnke.

    Behnke and Walbroehl made the YubiKey a standard part of every employee’s onboarding process, even as that team has grown to spread across more than 50 different countries. “It’s been really easy for us to set up YubiKeys as a standard security measure for everyone,” notes Walbroehl.

    “As a blockchain security firm, securing information with strong MFA is non-negotiable. YubiKeys provide a really safe way to do this for every team member’s account.”
    Halborn employee
    Steve WalbroehlCTO and CoFounder, Halborn

    Empowering employees with a highly secure, yet low-friction and productive environment

    To support the 100% remote, diverse, and bright team of engineers and ethical hackers, Halborn leverages a unique gamification system designed to reward and incentivize its employees based on proof of work and continuous learning. For this highly-competitive and self-reliant culture, traditional security tools and processes could be a source of potential friction in the employee experience. 

    Traditional security tools such as anti-virus often cause significant problems for security testing tools, leading to errors or requiring whitelisting. Instead, Halborn opts to focus on supporting the productivity of its employees and employee use of its open-source tool Ziion by focusing on preventative security. Preventative security includes restrictions on downloading data, endpoint control, role-based access controls, and a VPN that is secured by G Suite’s single sign-on (SSO) and MFA with the YubiKey. All of this information is logged and monitored to ensure endpoints remain properly configured and policies remain enforced. With the YubiKey securing endpoint access to its systems and data, Halborn has created a more efficient security posture, a key factor to supporting its growth. 

    “The YubiKey provides that control and protection on the access layer,” notes Walbroehl. “If there were a SIM swap or two-factor breach, the hardware piece—something you need—is now there so you can’t use those credentials.” 

    In the early days of the organization, Halborn reimbursed its employees for their choice of laptop and two YubiKeys, with the second spare key to be stored securely to protect against loss. Today, Halborn is shifting to a company-owned model to provide additional endpoint control, leveraging dropshipping to supply pre-imaged laptops and YubiKeys directly to employees. Employees follow Yubico’s guided tutorials to set up their YubiKeys, often the “easiest component in onboarding,” shares Walbroehl.

    The imperative to secure client information with layered protection

    Having been mindful of its own user base, its employees, Halborn is also very mindful of the fact that it is in a position to help protect the future of blockchain-powered projects around the world. But this trusted position comes with an obligation to protect the information it gathers about its clients.

    Halborn does not take custody of customer data, but it does provide security assurance through advanced penetration testing and smart contract audits, the results of which need to be kept secure. In addition, as part of helping to secure the frontier of emerging technology, Halborn employees find zero-day exploits nearly every week, information which could put many organizations and the public at risk if used inappropriately. 

    “We make sure that when contracts and tokens come out they are done properly so that people do not lose money,” notes Walbroehl. “Our reputation is on the line to make them secure—and to stay secure ourselves.” To date, Halborn has a perfect record of protecting its own system—thanks, in part, to the YubiKey. 

    As a part of its adherence to NIST and ISO 27002 standards, Halborn leverages the YubiKey as a second factor for single sign-on (SSO) access to G Suite, which the company uses for everything, and as part of a four-factor authentication for privileged access to its most sensitive assets. The YubiKey acts as proof of identity, something a user has, used in combination with other factors to add additional layers of protection for Halborn’s data. Halborn’s example, as one of the top Web3 security firms, sends a clear message in today’s world: passwords are just not enough.

    “Access and identity are the true perimeter of a remote organization. There’s nothing better than a hardware device for protecting this.”
    Steve WalbroehlCTO and CoFounder, Halborn

    Best practices to ensure a secure future for all Halborn stakeholders

    Halborn continues to focus on ensuring that its remote workforce of bright, innovative and highly motivated team members continues to experience a secure posture, as it interacts with clients. And, as part of its Advisory Services, Halborn recommends its own clients adopt best practices in identity and access control, including secure MFA and hardware devices such as the YubiKey. Further, as a course author for the SANS Institute, Walbroehl advocates for stronger education on how blockchain works and how to defend against threats—including how to protect against identity-based attacks with a modern smart card and FIDO-based hardware security key such as the YubiKey.

    Sources

    Leading blockchain security firm Halborn protects global, remote team with YubiKeys

Yubico Footer Text Logo
  • RSS
  • Twitter
  • LinkedIn
  • Facebook
  • Instagram
  • YouTube
  • GitHub
  • Product finder quiz
  • Find set-up guides
  • Buy online
  • Contact sales
  • Get Yubico updates
  • Careers
  • Events
  • Press room
  • About us
  • Partner programs
  • Affiliate program
  • YubiKey 5 Series
  • YubiKey 5 FIPS Series
  • YubiKey Bio Series
  • Security Key Series
  • YubiKey 5 CSPN Series
  • YubiHSM 2 & YubiHSM 2 FIPS
  • YubiEnterprise Subscription
  • YubiEnterprise Delivery
  • Yubico Authenticator
  • Zero Trust
  • Phishing-resistant MFA
  • Passwordless
  • Cyber insurance
  • More solutions
  • Industries overview
  • Yubico blog
  • Resource library
  • Cybersecurity glossary
  • Authentication standards
  • Developer program
  • Works with YubiKey
  • Help center
  • Downloads
  • Product documentation
  • Support Services
  • Professional Services
  • Professional Services
  • Contact support
Yubico © 2023 All Rights Reserved.
  • Sitemap
  • Cookies
  • Legal
  • Privacy
  • Patents
  • Terms of use
  • Trust
We use cookies to ensure that you get the best experience on our site and to present relevant content and advertising. By browsing this site without restricting the use of cookies, you consent to our and third party use of cookies as set out in our Cookie Notice.

PreferencesAccept all
Yubico Privacy and Cookies Policy

Privacy Overview

Yubico.com uses cookies to improve your experience while navigating through the website. When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually identify you, but it can give you a more personalized web experience.

Because we respect your right to privacy, you can choose not to allow some types of cookies.

Click on the different category headings to find out more and change our default settings.

Blocking some types of cookies may impact your experience on our site and the services we are able to offer.
Strictly necessary cookies
Always Enabled

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Functional cookies

These cookies enable the website to provide enhanced functionality and personalization. They may set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

Performance cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.

Targeting cookies

These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Uncategorized

Undefined cookies are those that are being analyzed and have not been classified into a category as yet.

Matomo Anonymized Tracking
Save & Accept