This section describes various authentication scenarios involving FortiToken, a disconnected one-time password (OTP) generator that's either a physical device or a mobile token. Time-based token passcodes require that the FortiAuthenticator clock is accurate. If possible, configure the system time to be synchronized with a network time protocol (NTP) server.
To perform token-based authentication, the user must enter the token passcode. If the user’s username and password are also required, this is called two-factor authentication.