Just for the record, I am not recommending this as a solution.  This decreases the security of your Salesforce org, and is generally against best practices.  If you don’t fully understand the implications I would definitely not recommend this solution.  That said, I saw a client that did exactly this and thought I would share:

Turn off identity confirmation entirely: trust all IP addresses.  This way the connecting IP address is always trusted, and therefore identity confirmation is always bypassed.  Likewise, you will never need a security token for any connection.

This also means that if someone gets a Salesforce username/password combo from any user with API access, they can login and extract your entire database without a security token or email address verification from anywhere in the world.  Use with caution!

Cheers,

John