Just for the record, I am not recommending this as a solution. This decreases the security of your Salesforce org, and is generally against best practices. If you don’t fully understand the implications I would definitely not recommend this solution. That said, I saw a client that did exactly this and thought I would share:
Turn off identity confirmation entirely: trust all IP addresses. This way the connecting IP address is always trusted, and therefore identity confirmation is always bypassed. Likewise, you will never need a security token for any connection.
This also means that if someone gets a Salesforce username/password combo from any user with API access, they can login and extract your entire database without a security token or email address verification from anywhere in the world. Use with caution!
Cheers,
John