diff --git a/extensions/security-webauthn/runtime/src/main/java/io/quarkus/security/webauthn/WebAuthnRunTimeConfig.java b/extensions/security-webauthn/runtime/src/main/java/io/quarkus/security/webauthn/WebAuthnRunTimeConfig.java
index 6433f25742006..54c2a9737e0ef 100644
--- a/extensions/security-webauthn/runtime/src/main/java/io/quarkus/security/webauthn/WebAuthnRunTimeConfig.java
+++ b/extensions/security-webauthn/runtime/src/main/java/io/quarkus/security/webauthn/WebAuthnRunTimeConfig.java
@@ -213,14 +213,14 @@ public static class RelyingPartyConfig {
      * referred to as "renewal-timeout".
      *
      * Note that smaller values will result in slightly more server load (as new encrypted cookies will be
-     * generated more often), however larger values affect the inactivity timeout as the timeout is set
+     * generated more often); however, larger values affect the inactivity timeout because the timeout is set
      * when a cookie is generated.
      *
-     * For example if this is set to 10 minutes, and the inactivity timeout is 30m, if a users last request
-     * is when the cookie is 9m old then the actual timeout will happen 21m after the last request, as the timeout
+     * For example if this is set to 10 minutes, and the inactivity timeout is 30m, if a user's last request
+     * is when the cookie is 9m old then the actual timeout will happen 21m after the last request because the timeout
      * is only refreshed when a new cookie is generated.
      *
-     * In other words, no timeout is tracked on the server side; the timestamp is encoded and encrypted in the cookie
+     * That is, no timeout is tracked on the server side; the timestamp is encoded and encrypted in the cookie
      * itself, and it is decrypted and parsed with each request.
      */
     @ConfigItem(defaultValue = "PT1M")