Human-computer interaction efficiency in Identity and Access Management (IAM) systems are typically defined with respect to an optimized combination of security, usability, and Total Cost of Ownership (TOC) parameters. There are numerous implementations of MFA producing different combinations of the listed TCO, security and usability.
However, there is no a particular best system. Each commercial implementation efficiency depends on the vendor, industry, country, human users (consumers, enterprise employees, government employees), IAM service cost, nature of the selected combination of user authentication factors, resilience to a multiple attack vectors, etc.
More detailed overviews and descryptions of some efficient MFA systems you may find in granted US patents listed in the 'Contribution' section of my RG profile.
In term of static authentication you might consider a password with SMS-based OTP. Further protection can be added by considering in-session continuous authentication using some behavioral Biometrics such as keystrokes dynamics or mouse movement.
If your web application needs very high security, then you could employ the approach with three-factor-authentication at https://doi.org/10.1145/3007748.3007754