Human-computer interaction efficiency in Identity and Access Management (IAM) systems are typically defined with respect to an optimized combination of security, usability, and Total Cost of Ownership (TOC) parameters. There are numerous implementations of MFA producing different combinations of the listed TCO, security and usability.

However, there is no a particular best system. Each commercial implementation efficiency depends on the vendor, industry, country, human users (consumers, enterprise employees, government employees), IAM service cost, nature of the selected combination of user authentication factors, resilience to a multiple attack vectors, etc.

More detailed overviews and descryptions of some efficient MFA systems you may find in granted US patents listed in the 'Contribution' section of my RG profile.   

Thanks @Len Leonid Mizrah for your valuable comments / answer  

In term of static authentication you might consider a password with SMS-based OTP. Further protection can be added by considering in-session continuous authentication using some behavioral Biometrics such as keystrokes dynamics or mouse movement. 

If your web application needs very high security, then you could employ the approach with three-factor-authentication at https://doi.org/10.1145/3007748.3007754

You can refer the paper:

Demystifying Authentication Concepts in Smartphones: Ways and Types to Secure Access https://www.hindawi.com/journals/misy/2018/2649598/abs/

However, this survey target smartphones but you will get fair idea of multi-factor authentication mechanism.

Thanks @Sandeep for your valuable comments