(or much longer sessions)
Occasionally weird folks like myself will rely on password managers without mobile support.
Because of this, the last few times I've logged in to MP via my phone have been via password reset to a non-recorded password.
A similar level of security could be achieved by allowing users to request a link with login token, to be delivered via email or SMS, also reducing login friction.
I’ve increased the session lifetime from 5 days to 30 days (will take effect on your next login), but I’m keeping this open to see if there’s any interest in doing more on this topic.