I would love to see some sort of PAKE integrated into browsers and regular form input fields. Browsers would very strongly encourage randomly generating passwords on signup and not allow the site access to them. Users would also be discouraged from exporting the generated password from the browser (but if needed to to log into a different computer or back them up could see the password). Seems to give 99% of something like WebAuthn but way more understandable to the average user.