Jay_Libove
New Member
August 14, 2013
Solved

Google Authenticator instead of FortiToken?

  • August 14, 2013
  • 13 replies
  • 169950 views
Since FortiToken is OAUTH compliant, can we not use Google Authenticator instead? Anyone been able to work that out? thanks,
    Best answer by dred_FTNT
    We'll just have to agree to disagree, but I'll try one more time to answer your concerns.

    First of all, the organization for authentication interoperability standards is OATH, not OAUTH. OAuth is an open standard for authorization, something completely different.

    Second, what other firewall/VPN vendor offers free tokens for 2FA? Not Cisco, not Checkpoint, not Juniper, not anyone. Fortinet is the only vendor that offers two free tokens with their devices. If you don't want Fortinet tokens for use with your FortiGate, then use someone else's, like Vasco, Safenet or RSA. But you will still have to pay those vendors.

    As for pricing analysis, that is highly proprietary and is not something to share in a public forum. And there is always a difference between "list" and "street" price. And there are tons of pricing gimmicks and games, such as server costs and annual subscription fees. So an apples-to-apples comparison is not trivial. A quick Google search reveals this link to a cost comparison from Yubico, who claims the YubiKey has the lowest total fees and annual total cost per credential. http://www.yubico.com/products/comparison/cost/ Their annual soft token cost is $38 PER YEAR.

    As for security, the token in 2FA is the second factor, the "something you have" factor. If that factor is able to be copied, it is no longer meeting the definition of 2FA and is not secure in that sense. Tokens installed on GA are easily copied. I can load the same token on multiple instances of GA, thereby breaking the second factor rule. Further, GA tokens can be easily stolen through shoulder surfing. The same is not true for FortiToken Mobile because of the way FTM tokens are generated, transmitted and provisioned. The seeds are never visible and they can only be activated one time.

    Fortinet does not charge extra for security. Fortinet is a security company and bakes security into every product. It is part of the Fortinet DNA.

    13 replies

    ispcolohost
    New Member
    November 18, 2014

    Jay Libove wrote:
    Since FortiToken is OAUTH compliant, can we not use Google Authenticator instead? Anyone been able to work that out? thanks,

    Jay, did you ever find a solution for this?  I just deployed some Fortigates (200D's) and I'm getting a lot of flack over not supporting Google Authenticator since the company uses it extensively for applications they've built and doesn't want to deal with multiple tokens/devices.

    emnoc
    New Member
    November 18, 2014

    If I recall correctly, Google Authenticator is not open source, so how much work it would take to get it working or to fix any issues might become an issue later on.

     

    ispcolohost
    New Member
    November 18, 2014

    emnoc wrote:

    If I recall correctly, Google Authenticator is not open source, so how much work it would take to get it working or to fix any issues might become an issue later on.

     

    I believe it is open source (https://github.com/google/google-authenticator-android/), not that that matters since TOTP is a standard:

     

    http://en.wikipedia.org/w...ime_Password_Algorithm

     

    Google Authenticator is just one of many that implement it, but it's nice and convenient so a lot of companies I work with are already using GA for numerous other things and do not want to deal with the hassle of managing multiple tokens per employee, etc.

     

     

    ispcolohost
    New Member
    December 4, 2014

    While trying to decide what to do, I came across some websites that suggested using a FreeRADIUS server as the authentication source as it has the ability to auth using Google Authenticator.  Point the Fortigate at the FreeRADIUS server, problem solved; two factor auth.  I'm going to give it a try and will report back.
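
The thread's two technical points, that TOTP is an open standard any authenticator app can implement and that a copied seed yields identical codes on every device, shown as an added example (not code from any poster, Fortinet, Google or FreeRADIUS). The function names, the ±1 step drift window and the replay check are assumptions of this sketch; the seed is the published RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30  # seconds per time step (RFC 6238 default)


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(key: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(time / step)."""
    return hotp(key, unix_time // STEP, digits)


def decode_seed(b32_seed: str) -> bytes:
    """Authenticator apps exchange the seed as base32 text, often with spaces."""
    s = b32_seed.replace(" ", "").upper()
    s += "=" * (-len(s) % 8)
    return base64.b32decode(s)


def verify(key: bytes, submitted: str, unix_time: int, last_counter: int, window: int = 1):
    """Server-side check (hypothetical helper). Accepts +/- `window` steps of
    clock drift and skips counters <= last_counter so a code cannot be replayed.
    Returns the matched counter (store it as last_counter) or None."""
    now = unix_time // STEP
    for counter in range(now - window, now + window + 1):
        if counter <= last_counter:
            continue
        if hmac.compare_digest(hotp(key, counter), submitted):
            return counter
    return None


# Constructed sample seed: base32 of the RFC 6238 test key "12345678901234567890".
SEED_B32 = "GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ"

if __name__ == "__main__":
    key, t = decode_seed(SEED_B32), 1111111109
    # Two devices loaded with the same seed produce the same code.
    print(totp(key, t), totp(key, t), verify(key, totp(key, t), t, last_counter=0))
```

Because the code depends only on the seed and the clock, the verifier cannot tell which device generated it; protecting the seed at provisioning time is what keeps the factor "something you have".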