Why are my credentials filled before I am prompted for multifactor authentication for LastPass?
Using multifactor authentication requires that you have an Internet connection in order to validate your multifactor token. This means that if you do not provide LastPass with the same multifactor token that has been generated before it expires, your encrypted vault data in LastPass will never be released to you.
However, LastPass also supports Offline Access (if enabled) which allows you to keep a locally cached, encrypted copy of your vault data on your local device so that you're still able to access your data in the event that you do not have Internet access. Please be aware that use of this feature is dependent on your account type and/or policy restrictions (if applicable).
If your account is set up to use multifactor authentication (with Permit Offline Access enabled) and you log in to LastPass while offline, you are accessing the locally cached copy of your vault data before you can authenticate online. As a result, LastPass may fill in your credentials for the current site you are visiting before you can authenticate with your multifactor token.
To prevent this behavior, you can do either of the following: