Currently, users with dynamic IPs are required to enter a 2-step authentication code via email every time their IP changes — which can happen daily and becomes tedious over time.

Would it be possible to implement a system that allows users to mark their device as "trusted" or use a locally stored authentication certificate or token?
This method would allow users to verify their identity once and avoid repeated 2FA prompts from the same device, even if the IP changes.