Chapter 3 Authentication for FortiOS 5.0 : Users and user groups : Users : Two-factor authentication
  
Two-factor authentication
The standard logon requires a username and password. This is one factor authentication—your password is one piece of information you need to know to gain access to the system.
Two factor authentication adds the requirement for another piece of information for your logon. Generally the two factors are something you know (password) and something you have (certificate, token, etc.). This makes it harder for a hacker to steal your logon information. For example if you have a FortiToken device, the hacker would need to both use it and know your password to gain entry to your account.
Two-factor authentication is available on both user and admin accounts. But before you enable two-factor authentication on an administrator account, you need to ensure you have a second administrator account configured to guarantee administrator access to the FortiGate unit if you are unable to authenticate on the main admin account for some reason.
 
Two-factor authentication does not work with explicit proxies.
The methods of two-factor authentication include:
Certificate
Email
SMS
FortiToken