diff --git a/index.bs b/index.bs index 5863a665e..1081562cf 100644 --- a/index.bs +++ b/index.bs @@ -6001,9 +6001,8 @@ leakage due to such an attack: - When verifying an {{AuthenticatorAssertionResponse}} response from the [=authenticator=], make it indistinguishable whether verification failed because the signature is invalid or because no such user or credential is registered. - - Perform a different authentication step, such as username and password authentication, - before initiating the WebAuthn [=authentication ceremony=]. - This moves the username enumation problem from the WebAuthn [=authentication ceremony=] + - Perform a multi-step [=authentication ceremony=], e.g., beginning with supplying username and password, before initiating the WebAuthn [=ceremony=] as a subsequent step. + This moves the username enumation problem from the WebAuthn step to the preceding authentication step, where it may be easier to solve.
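Review bot: the second added line carries over the typo "enumation" from the removed line ("This moves the username enumation problem from the WebAuthn step"); since the sentence is being rewritten anyway, correct it to "username enumeration problem" in the same change rather than leaving a spelling error in the new text. Two smaller points on the same hunk: the first added line replaces the specific autolink "[=authentication ceremony=]" with the generic "[=ceremony=]" when referring to the WebAuthn step, which loses the precision of the original wording, so consider keeping "WebAuthn [=authentication ceremony=]" for the subsequent step; and the first added line is one long source line where the surrounding Bikeshed text (see the removed lines) is wrapped at clause boundaries, so rewrap it to match the file's convention.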