I have to log in again pretty much daily on icloud.com even though I constantly click the "trust this device" checkbox.

App Store Connect, Feedback Assistant, developer.apple.com, etc.

On all their websites. Microsoft is quite a bad offender of this also.

Microsoft is the worst. Endless auth redirects, and gates help you if you've ever had multiple microsoft accounts on the same device.

Dunno, skype asked my password a long time ago.

IME github session is almost eternal.

It's possible to connect repositories / organizations to an external SSO. At my work place I have to re-authenticate several times a day. Luckily it usually doesn't require me to login at my work account each time and just redirects back automatically, but it adds an extra layer of protection. If someone gained access to my Github session either physically or externally it would not be enough to access my work.

I have these layers of protection between the web page and the actual code.

1. Github password

2. Github MFA

3. SSO password

4. SSO MFA

If an attacker wants to be successful, they probably need to actually use my machine as I suspect that both Github and the auth solution at work checks ip-addresses and other things that they would also need to get hold of. In that case they probably have complete control of my machine anyway and can do what they want.

More Microsoft-branded then - GH's current session handling largely predates Microsoft

They also expire cookies in Safari like clockwork, forcing you to login again to almost everything.

Very annoying. Supposedly it prevents tracking, but it's just annoying.

Apple's web properties are so, so bad. They clearly don't invest in anything that isn't a native iOS / MacOS app.

They don't really invest in native Mac apps now either.