If you use two-factor authentication or single sign-on, you can extend the maximum session duration for your users beyond the default four hours. You can also make the maximum duration shorter than the default four hours.
Once you have set up your session duration for longer than four hours and have either 2FA or SSO enabled, users are asked if they want to remember their device:
They can then manage their devices by accessing their User settings page from their quick links:
Users can then remove any devices they no longer use: