Every time after sandbox refresh, security token is expired. So this causes necessity of creation of new security token and sending it to your email. Then you have to update that information in Force.com IDE in your project settings.
This is quite nauseous.
I have found a solution for developers who work from office and whose company has static public IP address.
Best Answer
Security tokens will match what's in production after a sandbox refresh. To avoid people needing to update their credentials after a refresh you'll need to continue to use the production password / security token in sandboxes after a refresh.
Bear in mind, once you have a sandbox, if you reset the security token or change the password you'll then be out of sync with production. At that point the next refresh will trash that security token (along with everything else in that sandbox) and start fresh again with what's in production.