When the multi-factor authentication times out (because it's been a month since the last time I entered a code from my authenticator app), it's annoying that yet again I have to click the "don't prompt again for 30 days" toggle to "enabled". I approve of having it default to "disabled" when a user is being prompted for the first time, making the user have to opt in to the slightly less secure but more convenient option, but when the user has already selected this option and the authentication has merely expired, the option should remain set to what it was before (so long as it's the same account as was logged in before).