those are just off the top of my head, and I'm not an expert on 2FA either. If we're talking about alternative solutions to someone logging in as someone else, you still have to provide a "2FA" solution because "2-factor" is a description of the problem to be solved (the multi-factor authentication problem) - to prove who you are in high-security situations it's insufficient to just provide something you know i.e. a password, because someone else can learn that thing. Thus you must provide "something you have" ie. proving you possess your phone via 2FA apps, or "something you are" via biometrics a la faceID. There are alternative solutions to this like USB 2FA tokens or those little pin-pads that banks provide you that are already required by most banks in order for you to access your account. Other options are proving email ownership via access links like slack does, automated phone calls, probably some other venues. But the fundamental requirement to boost password security is to provide a non-knowledge-based proof of identity.