I encountered a situation where I can access an account without MFA. I am using Chrome on Linux.
1. On an account with MFA enabled, have a master password that is out of compliance with your organization's password age policy.
2. Enter your username/password on the LastPass login; this causes a warning telling the user that they should change their master password.
3. Click 'no' to dismiss the warning.
1. The user should be prompted to enter their second form of authentication before they can access their account.
1. After dismissing the warning about changing their master password, the user goes directly into their account without needing MFA - perfect for lazy users who don't want to change their passwords or bother with MFA.