evilthought wrote:I don't think Yubikey and Sesame play any role in encryption. They are only used in protecting the encrypted file from being downloaded from the lastpass server. You can test it yourself. Try opening the local encrypted copy that you saved on your hardrive using lastpocket. It will only require the email and master password. Also, we know Yubikey and Sesame play no part in encryption because if you lost your Yubikey and Sesame, you can disable them via email.
I'm not sure exporting is the same as copying. I will admit that my knowledge does not extend far enough to sufficently answer your points above but I believe they are probably false to some degree. However, I believe Yubikey and Sesame work somewhat similar to how your data is encrypted with your MP but also has the ability to work with OTPs.
By the way, KeePass does have key file option. Basically, you can create keyfile. Unlike lastpass's Yubikey and Sesam , the keyfile is needed for decryption.
Keyfiles can be copied and thus don't really follow the "something you have rule" too well, since everyone else can have it too. KeePass admits as much:http://keepass.info/help/base/keys.html
The same might be able to be claimed about Sesame (again I don't know the details) and is why I chose Yubikey instead.
Keepass' Windows login feature is interesting, but extremely limiting.
Again, LastPass uses multi-factor as a security layer, and Keepass and Roboform do not offer such, except maybe Keepass' Windows login feature, but it carries a very large downside.