Overview:
Enable two-factor authentication with FortiToken Mobile (FTM) One-Time Password (OTP) Application with Push Notifications or a Hardware Time-Based OTP Token
Fortinet FortiToken Mobile (FTM) and hardware OTP Tokens are fully integrated with FortiClient, protected by FortiGuard, and leverage direct management and use within the FortiGate and FortiAuthenticator security platforms. Fortinet two-factor authentication solutions are easy to manage and easy to use.
Product Offerings:
FortiToken Mobile
FortiToken Mobile is an OATH compliant OTP generator application for the mobile
device, supporting both time-based (TOTP) and event-based (HOTP) tokens.
FortiToken 200/200CD
FortiToken 200 is part of Fortinet’s broad and flexible two-factor authentication
offering. It is an OATH compliant, TOTP. It is a small, keychain-sized device that
offers real mobility and flexibility for the end user.
There is no client software to install. Simply press the button and the FortiToken
200 generates and displays a secure one-time password every 60 seconds. The
password verifies user identity for access to critical networks and applications. The
LCD big screen of the rugged FortiToken 200 is much easier to read than other OTP
tokens. There is an indicator on the screen displaying the time left until the next
OTP generation. FortiToken 200CD tokens are shipped with an encrypted activation
CD for the ultimate in OTP token seed security.
FortiToken 220
The FortiToken 220 OTP token form factor is a mini credit card that fits into a wallet.
The card is also shipped with a pre-cut hole for a keyring.
Highlights:
Convenient, Strong Authentication
FortiToken is the client component of Fortinet’s highly secure,
simple to use and administer, and cost-effective two-factor
solution for meeting strong authentication needs. This
application makes Android, iOS, and Windows mobile devices
behave like a hardware-based OTP token without the hassle
of having to carry yet another device. Push notification shows
details on the mobile device to approve or deny with one tap.
Alternatively, hardware-based OTP tokens can be used to
prevent users’ passwords from being stolen via phishing,
dictionary, and brute-force attacks.
Ultra-Secure Token Provisioning
FortiToken Mobile is simple to use and administer and
provision for the system administrator. The token seeds are
generated dynamically, minimizing online exposure. Binding
the token to the device is enforced and the seeds are always
encrypted at rest and in motion.
Privacy and Control
FortiToken Mobile cannot change settings on a phone, take
pictures or video, record or transmit audio, or read or send
emails. Further, it cannot see browser history, and it requires
permission to send notifications or to change any settings.
Additionally, FortiToken Mobile cannot remotely wipe a
phone. Any visibility FortiToken Mobile requires is to verify the
OS version to determine app version compatibility.
While FortiToken Mobile cannot change any settings without
permission, the following permissions are relevant to
FortiToken Mobile operations:
- Access to camera for scanning QR codes for easy token
activation
- TouchID/FaceID used for app security
- Access to the internet for communication to activate
tokens and receive push notifications
- “Send Feedback by Email”, to automatically populate the
“Sender” field
- Internally share files between applications to prepare an
attachment to be sent by email for “Send Feedback by
Email”
- FortiToken must keep the phone awake while it is
upgrading the internal database to avoid data corruption
Leverages Existing Fortinet Platforms
Besides offering out-of-the-box interoperability with any
time-based OATH compliant authentication server such as
FortiAuthenticator, FortiToken can also be used directly with
FortiGate Next-Generation Firewalls, including with high
availability configurations.
FortiGate has an integrated authentication server for
validating the OTP as the second authentication factor for
SSL VPN, IPsec VPN, captive portal, and administrative login.
This eliminates the need for the external RADIUS server that
is typically required when implementing two-factor solutions.
Online Activation with FortiGuard®
FortiToken tokens can be activated online directly from
FortiGate or FortiAuthenticator using the FortiGuard
Center. This maintains token seeds in a managed service
repository. Once the seeds are activated, they can no longer
be accessed from FortiGuard, ensuring they are safe from
compromise. Alternatively, Fortinet offers an encrypted
activation CD solution.
Specifications:
|
FORTITOKEN 200B/ 200BCD
|
FORTITOKEN 220
|
Onboard Security Algorithm
|
OATH-TOTP (RFC6238)
|
OATH-TOTP (RFC6238)
|
OTP Spec
|
60 seconds, SHA-1
|
60 seconds, SHA-1
|
Component
|
6-digit high contrast LCD display
|
Built-in button, 6-character LCD screen, Globally unique serial number
|
Dimensions (Length x Width x Height)
|
61.5 x 27.5 x 11.5mm
|
68 x 38 x 1 mm
|
Hardware Certification
|
RoHS Compliant
|
RoHS, CE, FCC
|
Operating Temperature
|
14–122°F (-10–50°C)
|
32–122°F (0–50°C)
|
Storage Temperature
|
-4–158°F (-20–70°C)
|
14–140°F (-10–60°C)
|
Water-Resistant
|
IP54 (Ingress Protection)
|
IP54 (Ingress Protection)
|
Casing
|
Hard Molded Plastic (ABS) Tamper-Evident
|
Hard Molded Plastic (ABS) Tamper-Evident
|
Secure Storage Medium
|
Static RAM
|
Static RAM
|
Battery Type
|
Standard Lithium Battery
|
Standard Lithium Battery
|
Battery Lifetime
|
3–5 Years
|
3–5 Years
|
Customization Available*
|
Casing Color, Company Logo, Faceplate Branding
|
Casing Color, Company Logo, Faceplate Branding
|
* Customizations are quantity-based
Documentation:
Download the Fortinet FortiToken Datasheet (PDF).
Download theOrdering Guide (PDF).