Actually yes, there is an automatic whitelist on a per-user basis.
It was described in a previous forum post, for your reference:
The plugin has an automatic whitelist process. Whenever someone updates their password, the IP is stored for future reference. Notices may still get sent depending on the timing of attacks and legitimate logins, so users can make sure nothing bad is happening...
And checking the source code I also noted the following:
Note: saves up to 10 addresses, duplicates are not stored.
This white-listing of IP addresses occurs on a per-user basis, these are called "verified IP's" in the code.
So you will likely see some requests for password resets if your users are coming from the same IP, but after the password is reset - that IP is whitelisted for that user. So that user will not be troubled again when logging in from that IP.
Please note this information is specific to version
0.35.0, things do change based on user feedback - but always with security in mind and after careful consideration by the plugin author.