I set up Duo Push with my LastPass account recently, and when I went to log in to access it on the phone, after entering the password, I received the push to the same phone. Of course, this is secure when typing the password into LastPass on another machine, but it gave me pause because if someone had grabbed my phone and knew the password, the 2nd factor (Duo Push) effectively would be useless, right?
What is the recommendation for mobile phones in this regard? I have a YubiKey also, but unless you use Duo it's basically no choice on which way you want your 2nd factor to authenticate. I would have to remove Duo from my LastPass account, and only use YubiKey. I like to have options.