Key file sharing over BT


Some security & encryption programs enable the use of a Keyfile in addition to a PW.

How about adding a product extension for this to LastPass Authenticator to enable a Bluetooth filesharing feature on Android? This could not only provide another/redundant factor (something you have), but it could also include biometric (something you are) to authorise on-phone, AND it could include a new factor of Where You Are since BT has limited range.

 

I imagine it could work something like this:

  • Use the LP Authenticator app to pair your phone with the target device using Bluetooth 4+
  • Import the keyfile into the LP Auth app (or LP itself?) - or have the app generate a new keyfile, if needed
  • A small LP client (or add-on to LP) on the target device would be the recipient of the connection and act as a temporary drive or file store that can be mapped as a URL in the target OS.
  • When the app tries to open the keyfile, the LP client would search for the BT connection to the phone. If successful, the key file is provided to the target application and cached.
  • On the phone’s LPA app, the user could have the option of providing each keyfile either with or without further biometric confirmation.
  • On the client app, the client could either encrypt or overwrite the local keyfile once it has been released by the target app. Possibly after a period of time.

 

A further feature could be to periodically poll the phone via BT to confirm it is still nearby & connected. (BLE could do this with low power usage). If the BT connection is lost, then it kills the target app & removes the file. Perhaps after a user-configured delay?

 

Of course, a similar thing could be done with NFC, but a) NFC is far less common than BT on devices, and b) the proximity for NFC means your phone would need to remain nearly in contact with the device.

BT can also provide signal power readings to give an idea of proximity of the phone to the target device. This might require the phone to be VERY close to the target, or just in the same room. Or, it could be relative to the power measured when first authorised. I.e. if I leave my desk for a coffee, the encryption is gone.

 

Besides offering users additional factors for authentication this extension can also work Offline. Meaning, if you have a target device and/or phone without internet/network access, this can still provide MFA. As a backup, the extension might enable USB connection to the phone to access LPA/the keyfile if BT isn't available.
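
The polling and RSSI-relative revocation described in the post, sketched as an added example (not part of the original post and not LastPass code). The class name, the 15 dB tolerance below the authorisation-time reading, the 30-second grace period and the 3-sample median used to damp RSSI noise are assumptions; the poll data is constructed.

```python
from collections import deque
from statistics import median
from typing import Optional

class ProximityWatchdog:
    """Revokes a cached keyfile when the phone stays out of range too long."""

    def __init__(self, keyfile: bytes, baseline_rssi: int,
                 max_drop_db: int = 15, grace_seconds: float = 30.0,
                 window: int = 3):
        self.cached = bytearray(keyfile)      # keyfile released by the phone
        # "Near" is relative to the RSSI measured when first authorised.
        self.threshold = baseline_rssi - max_drop_db
        self.grace_seconds = grace_seconds    # user-configured delay
        self.samples = deque(maxlen=window)   # recent RSSI readings (dBm)
        self.away_since: Optional[float] = None
        self.revoked = False

    def observe(self, t: float, rssi: Optional[int]) -> str:
        """Process one poll at time t (seconds); rssi=None means link lost."""
        if self.revoked:
            return "revoked"
        if rssi is None:
            self.samples.clear()              # no link: nothing to smooth
            near = False
        else:
            self.samples.append(rssi)
            near = median(self.samples) >= self.threshold
        if near:
            self.away_since = None
            return "ok"
        if self.away_since is None:
            self.away_since = t               # start the grace timer
        if t - self.away_since >= self.grace_seconds:
            self._revoke()
            return "revoked"
        return "grace"

    def _revoke(self) -> None:
        # Overwrite the cached copy in place, then drop it.
        for i in range(len(self.cached)):
            self.cached[i] = 0
        self.cached.clear()
        self.revoked = True

def replay(watchdog, polls):
    """Feed a list of (time, rssi) polls and return the state after each."""
    return [watchdog.observe(t, rssi) for t, rssi in polls]

# Constructed poll results: (seconds since authorisation, RSSI in dBm or None)
SAMPLE_POLLS = [(0, -52), (10, -55), (20, -80), (30, -54), (40, -78),
                (50, -81), (60, None), (70, None), (80, -50)]
```

Zeroing the bytearray clears only the client's cached copy; the `bytes` object passed in and any copy already held by the target application are not affected, so a real client would also have to close the target app as the post proposes.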