I'm not aware of any 2FA that could be successfully integrated into a symmetric-key encryption algorithm. How do we fix 2FA without making the entire password vault system dependent on network access to a central LP server that is not compromised?