Yes and no, you need 2fa on the accounts in your Lastpass. But the encrypted fields in your account are exposed. They can crack the master passwords and then have your others. If you have a strong password, like complex 14-16 characters or more it will take brute forcers a very long time to get in.

But everyone with Lastpass should reset their master password regardless and just in case everything in it if they must stay with last pass. But really at this point they should move off the platform.