---
id: "prereq-mfa-passkey-knowledge"
type: "prereq"
source_timestamps: ["¶9"]
tags: ["authentication", "technical-literacy"]
related: ["action-implement-mfa-passkeys"]
reason: "Required to execute the 'Do the basics' step of Dobrygowski's framework."
sources: ["governance"]
sourceVaultSlug: "hbr-seg-governance"
originDay: 7
articleStem: "hbr-sig-57-smb-cyber-risk"
sourceUrl: "https://hbr.org/2026/06/ai-is-changing-cyber-risk-heres-how-smbs-can-respond"
sourceTitle: "AI Is Changing Cyber Risk. Here’s How SMBs Can Respond."
---
# Understanding of MFA and Passkeys

**Assumed knowledge:** the reader understands the difference between traditional passwords, multifactor authentication (MFA), and modern passkey systems. The source recommends upgrading without explaining the underlying cryptography or the passkey user experience.

**Why it's needed:** required to execute the "Do the basics" step ([[action-implement-mfa-passkeys]]) of [[framework-dobrygowski-smb-cyber-defense]]. Without it, a reader cannot evaluate why passkeys are "considerably higher security" than passwords, nor why MFA is treated as the single highest-ROI control ([[claim-mfa-blocks-common-attacks]]).
