Old 05-22-2009, 12:19 PM
wige
WebProWorld Moderator
 
Join Date: Jun 2006
Location: United States
Posts: 2,661
Re: Password Protected Pages Don't Pass Security

Web authentication is very insecure. Because passwords are transmitted in plain text, they can be snooped by an attacker. You have two options, depending on the requirements of the scanning company, and the information being protected.

If the information that is protected is not actually sensitive, and the password is generally known, you can ask the security scanning company to make an exception on the basis that you are using authentication only as a simple authentication measure and it is not protecting anything sensitive.

If you are protecting sensitive information, or if the security scan provider does not allow for the exception, you would have to move the authentication script (the destination of the username/password form) to your secure server. In most configurations, this simply requires changing the URL in the form's action attribute from http to https. In some cases, however, you might need to modify the script slightly.
__________________
The best way to learn anything is to question everything.
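The fix wige describes, as an added example that is not part of the original post or thread: a small Python script that (a) finds the forms on a page that still post credentials to an http:// action, the kind of thing a scanner flags, (b) rewrites those actions to https://, and (c) shows the receiving "authentication script" refusing any login that did not arrive over TLS, so a stray plaintext link cannot quietly reintroduce the problem. The form markup, the host www.example.com and the path /cgi-bin/login.php are constructed for the example; the WSGI-style environ dictionary stands in for whatever request object the real script uses.

```python
"""Added example (not code from the original post): move a login form's
target to HTTPS and have the login script refuse plaintext credentials."""
import re

# Constructed sample page, as it might appear on the plain-HTTP site.
SAMPLE_PAGE = """
<form method="post" action="http://www.example.com/cgi-bin/login.php">
  <input type="text" name="user">
  <input type="password" name="pass">
  <input type="submit" value="Log in">
</form>
<form method="get" action="https://www.example.com/search">
  <input type="text" name="q">
</form>
"""

# Matches the scheme of a <form ... action="http://..."> attribute. Only
# double- or single-quoted action attributes are handled, which is enough
# for hand-written forms like the one above.
_HTTP_ACTION_RE = re.compile(
    r'(<form\b[^>]*?\baction=)(["\'])http://', re.IGNORECASE)


def find_plaintext_form_actions(html):
    """Return the action URLs of every form that would submit over plain
    HTTP. This is the check a scanner performs; an empty list means the
    page posts nothing in the clear."""
    pattern = re.compile(
        r'<form\b[^>]*?\baction=(["\'])(http://[^"\']*)\1', re.IGNORECASE)
    return [m.group(2) for m in pattern.finditer(html)]


def rewrite_form_actions(html):
    """Change every http:// form action to https://. Host and path are kept
    unchanged, so the same script receives the form once it is served over
    TLS; forms that are already https (or relative) are left alone."""
    return _HTTP_ACTION_RE.sub(r'\1\2https://', html)


def login_script(environ, trust_forwarded_proto=False):
    """Minimal stand-in for the authentication script the form posts to.

    Returns an (HTTP status, message) tuple. Credentials are accepted only
    when the request itself arrived over HTTPS; otherwise the script answers
    403 rather than processing a password that was sent in plain text.

    trust_forwarded_proto: set True only when a TLS-terminating proxy in
    front of the script overwrites X-Forwarded-Proto on every request.
    (Assumption of this example; a client can forge the header if the
    proxy merely passes it through.)
    """
    scheme = environ.get("wsgi.url_scheme", "http").lower()
    if trust_forwarded_proto and environ.get("HTTP_X_FORWARDED_PROTO"):
        # A proxy may append to an existing value; the first entry is the
        # scheme the client used to reach the proxy.
        scheme = environ["HTTP_X_FORWARDED_PROTO"].split(",")[0].strip().lower()
    if scheme != "https":
        return 403, "Credentials must be submitted over HTTPS"
    if environ.get("REQUEST_METHOD") != "POST":
        return 405, "POST only"
    # Real username/password verification would follow here.
    return 200, "ok"


if __name__ == "__main__":
    print("plaintext actions:", find_plaintext_form_actions(SAMPLE_PAGE))
    fixed = rewrite_form_actions(SAMPLE_PAGE)
    print("after rewrite:", find_plaintext_form_actions(fixed))
    print(login_script({"wsgi.url_scheme": "http", "REQUEST_METHOD": "POST"}))
    print(login_script({"wsgi.url_scheme": "https", "REQUEST_METHOD": "POST"}))
```

Changing the action attribute is the visible half of the fix; the 403 in login_script is the half that keeps the scanner result from regressing when someone later links the old http:// address. If the site sits behind a load balancer that terminates TLS, the script only ever sees plain HTTP from the balancer, which is the "modify the script slightly" case in the post: enable trust_forwarded_proto there, and make sure the balancer sets the header itself rather than forwarding whatever the client sent.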