I was just having a nosey around 2 factor auth and came across this:
This entertained me:
If you lose your grid, you can disable grid authentication via email confirmation.
Doesn't this make the entire scheme completely pointless? If an attacker compromises your email account then they can immediately disable 2 factor auth on your LastPass data.
Am I missing something?