This document discusses improving web authentication security. It outlines problems with password-based authentication like weak passwords and storing passwords insecurely. It then describes multi-factor authentication methods like one-time passwords via text/email and FIDO2 standards. FIDO2 uses public/private key pairs during registration and login for stronger authentication compared to passwords and one-time codes. The document also notes challenges of adopting FIDO2 including both devices and browsers needing support.