When I commuted to the office my IP would change multiple times as I crossed from 4G to various WiFis. It would be really annoying to have to log in each time.
This is why pinning user sessions to IPs isn't going to work - in a mobile first world most users have multiple IPs that they might access a service from during the course of a day.
Logging people out also isn't a minor inconvenience, especially for users who haven't figured out password managers yet.
It would be annoying even with a password manager. Most people are going to care a lot more about that multiple times a day inconvenience than the fact that it’s protecting security.
On iPhone it is more than the steps of authorizing password manager and having them auto filled. You’ll have to click yes and possibly something else to have touch or Face ID to be activated again.
I know this isn’t actually a major thing. It’s a 20 second process. Still a couple times a day is a couple times a day.
