Timeouts are a bit of a weak spot for LastPass - while it has this feature in the plugin, the way it's configured is not very secure, and surprises you with no-timeouts as default. For example, setting up a new account on an existing plugin defaults to no timeouts. See viewtopic.php?f=7&t=32749
I'd really like more attention to a bulletproof timeout setup so you can set a general default (policy) at the account level, which will apply to all new browser installations, LP for Applications, etc.
LastPass has some great technology and is reasonably usable, but it's too easy to configure it to be insecure without realising.