These are intended for people who log in occasionally and don't stay long
So say you assign 1 to a group. That group then has 10 logins for any combination of members of that group.
When a user logs in and uses their token it is disabled for 28 days. So you would have 9 left after this user. After 28 days the used token would be available again for anyone in that group to use.
So you have to analyze your users and how much you think they will be logging in to determine if they should be a named user or how many login passes you would need to make available for the occasional users.
Yes, if a user stays logged in for longer than 60 minutes, they will consume another login pass.
Additionally, the passes are used up regardless of how long the user remains logged in. A user could log in for 1 minute, log out, and then log back in, and they will have used two logins. They are not given the remaining time.
Think of it like a parking spot with a meter on it.
If you put in money for an hour, the meter keeps ticking down until 0. If you stay in the spot for a full hour, great, you used up the Access Pass for the entire time. If you stay for 15mins, the time keeps ticking down to 0. Just like a parking spot. It doesn't halt the time if you leave early - difference is over a parking spot is that the time cannot be transferred to someone else if you leave. If you come back later (within the hour), you can continue to use the Access Pass until consumed. If you stay over the hour, another license gets consumed for the next hour.