Some or all users have to validate their Secure Login PIN multiple times a day, which is way too much.
The Secure Login session is intertwined with the session of the underlying application. So, the Secure Login session lasts as long as this session. According to this, there could be two different reasons for the problem:
Overall, the configured session timeout of the underlying application is too short and the users have to login multiple times a day.
As most users are using the "remember me" functionality, a user has to revalidate the 2FA pin without an explicit login, as the login is done automatically. In that case, a suitable increase of the session duration of the underlying application by a system administrator should solve this problem. For more information please see: Change the default session timeout to avoid user logout in Jira server
There is a known problem with the bot protection plugin of Atlassian.
This bug reduces the session timeout to one hour independent from the configured session timeout. As system administrator, please disable the bot killer plugin. Here you can find more information about that issue: JIRA session timeout set to 1 hour due to JIRA bug