How can application owners fix this?
To make logging in simpler for users, application owners can change their WebAuth sites so that they do not require two-step authentication every day. To disable requiring two-step authentication on your WebAuth site, look in your Apache configuration and remove any lines like
WebAuthRequireInitialFactor m
or
WebAuthRequireSessionFactor m
Owners can also resolve this problem by migrating their application to SAML 2.0, which you are strongly encouraged to do now. All owners of legacy WebAuth sites will be required to migrate to SAML 2.0 by August 31, 2018.