Currently, LastPass does have an OATH-compliant OTP multifactor authentication method, labelled "Google Authenticator", wherein LastPass generates a base32-encoded secret and presents it as a QR code containing a formatted otpauth:// URI -- which can then be used to program Google Authenticator or any other OATH-compliant app such as Okta Verify or Yubico Authenticator.
However, in the case of OATH hardware tokens (such as the Feitian VC-200E), it's difficult or sometimes impossible for an end-user to re-program them with a new secret; tokens instead come pre-programmed, with the expectation that the user can input the pre-programmed secret into the app they wish to authenticate to.
Unfortunately, LastPass does not seem to have a method of accepting pre-existing secrets, only secrets it generates itself. The decision to not allow this for the "Google Authenticator" multifactor method probably makes sense from a user experience perspective, but it does also make it impossible to use these types of hardware tokens despite the fact that it does actually use the same algorithm.
What I would like to see is the addition of a new "Generic OATH OTP" multifactor authentication that does enable using hardware tokens, by simply giving the user the ability to input their own secret and other relevant parameters -- possibly as just a complete OATH URI (e.g. otpauth://totp/LastPass:j.random@example.com?secret=JBSWY3DPEHPK3PXP&period=60).
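As an added illustration (not part of the original post and not LastPass code), this sketch shows what a service would do to accept a pre-programmed token secret supplied as an otpauth:// URI: validate the parameters, then verify RFC 6238 codes with the token's own period. The function names, the drift window, and the second URI (constructed from the RFC 6238 test secret) are assumptions.

```python
import base64, hmac, struct
from urllib.parse import urlparse, parse_qs, unquote

# URI from the post, plus a constructed one carrying the RFC 6238 test secret.
POST_URI = "otpauth://totp/LastPass:j.random@example.com?secret=JBSWY3DPEHPK3PXP&period=60"
RFC_URI = "otpauth://totp/Test:token?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&digits=8&period=60"

def parse_otpauth(uri):
    """Validate a user-supplied otpauth://totp URI and return its parameters."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("expected an otpauth://totp/ URI")
    q = {k: v[-1] for k, v in parse_qs(u.query).items()}
    secret = q.get("secret", "").replace(" ", "").upper()
    if not secret:
        raise ValueError("secret parameter is required")
    # Tokens and apps usually omit base32 padding; restore it before decoding.
    key = base64.b32decode(secret + "=" * (-len(secret) % 8))
    algorithm = q.get("algorithm", "SHA1").lower()
    digits, period = int(q.get("digits", 6)), int(q.get("period", 30))
    if algorithm not in ("sha1", "sha256", "sha512"):
        raise ValueError("unsupported algorithm")
    if digits not in (6, 7, 8) or period <= 0:
        raise ValueError("unsupported digits or period")
    return {"label": unquote(u.path.lstrip("/")), "key": key,
            "algorithm": algorithm, "digits": digits, "period": period}

def totp(p, unix_time):
    """RFC 6238 code for the time step containing unix_time."""
    counter = struct.pack(">Q", int(unix_time) // p["period"])
    mac = hmac.new(p["key"], counter, p["algorithm"]).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** p["digits"]).zfill(p["digits"])

def verify(p, submitted, unix_time, drift_steps=1):
    """Accept codes from adjacent steps, since hardware token clocks drift."""
    ok = False
    for step in range(-drift_steps, drift_steps + 1):
        t = unix_time + step * p["period"]
        if t < 0:
            continue  # no time step exists before the epoch
        ok |= hmac.compare_digest(totp(p, t).encode(), submitted.encode())
    return ok

if __name__ == "__main__":
    p = parse_otpauth(POST_URI)
    print(p["label"], p["period"], totp(p, 1_700_000_000))
```

With period=60 the step counter advances once a minute, so a verifier that assumed the 30-second default would reject every code from such a token.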