For more information on Google Authenticator app, see http://goo.gl/sbBxn . It also supports Google logins (of course) as well as Dropbox logins.
More friends have asked me for details over the years, so here goes:
Authentication Objects can be shared across aaccounts
One can share any login object with any other LastPass user. In a work context, one could allow one’s staff log into a domain account but not allow them to see the password. Then, when the employee quits/gets terminated, one could revoke the shared object, and they would be locked out.
I generate ALL passwords for sites, via LastPass, setting the generation attributes (number of characters, which characters/symbols can be used, whether it should be pronounceable, whether to avoid ambiguous characters, etc.). It is sometimes necessary to change these attributes based on a given site’s rules. For example, I might need to dumb down the generated password from 16 characters, to 12, if the site only supports 12. Other sites do not support special characters ($, or ^, etc.), so I have to turn them off for such sites. For the most part I just leave everything dialed up, to the most complex, because I do not know, or care to know, passwords for my sites. I just need to know my LastPass password, and my PC (or domain, if at work) password, and I’m good. Hell, I don’t even know my Google password. No need.