https://helpdesk.lastpass.com/multifactor-authentication-opt...
At the very least, consider securing Lastpass with U2F (fairly cheap) once they support it.
https://cognitionsecure.com/u2f-otp-google-lastpass/
Be sure to get at least two hardware tokens in case of failure.
--
PS. Some more exotic options even store actual passwords rather than encryption keys.
https://www.tindie.com/products/stephanelec/mooltipass-mini-...