Chapter 3 Authentication for FortiOS 5.0 : Introduction to authentication : Methods of authentication : Two-factor authentication
  
Two-factor authentication
A user can be required to provide both something they know (their username and password combination) and something they have (certificate or a random token code). Certificates are installed on the user’s computer.
Two-factor authentication is available for PKI users. For more information, see “Certificate”.
Another type of two-factor authentication is to use a randomly generated token (multi-digit number) along with the username and password combination. One method is a FortiToken — a one time passcode (OTP) generator that generates a unique code every 60 seconds. Others use email or SMS text messaging to deliver the random token code to the user or administrator.
When one of these methods is configured, the user enters this code at login after the username and password have been verified. The FortiGate unit verifies the token code after as well as the password and username. For more information, see “Two-factor authentication”