The concern with the latest LastPass hack is that a hacker was able to download actual user password vaults.
Yes, everyone should use 2FA and prefer an app like MS Authenticator for OTP over the more common solution of using SMS. The YubiKey is just a much stronger key for 2FA. The future of passwords is going to be Passkeys:
I use LastPass and 2-factor authentication. After reading this post, I am reading about possible additional steps including YubiKey (hardware authentication) and app authentication. Trying to keep up with security stuff is painful for me, so I try to remember that “a stitch in time saves nine.”
I have 2 credit cards, 1 bank, one investment account. The PWs for these are memorized and locked away. I use one desk computer to access only these accounts. I keep my phone as close as my wallet and store some PWs there embedded with data that is only obvious to myself. For non-important sites I just use a common memorable PW. This works well for me. When I croak, the people that will take care of my/our finances know where to look.