I already have a mobile authenticator app that I use for the rest of my OATH-compatible rolling codes. Why does the QR code received from Fortinet not work with a standard app?
I have no desire to install Fortinet's app for a single code.
"Unique token provisioning service via FortiGuard™ minimizes provisioning overhead and
ensures maximum seed security"
"Patented cross platform token transfer"
ref: https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/fortitoken.pdf
I was told ages ago that the activation mechanism is supposedly patented. It is said to increase the security of the seed. The QR code is merely the activation ASCII string which is only the FortiGuard activation server understands. So presumably the user can't leak/share the seed, even if they wanted to.
Note that the seeds can be retrieved in a standard manner (which can eventually be used to import it into a generic third-party app), but this is only available with FortiAuthenticator - https://docs.fortinet.com/document/fortiauthenticator/6.5.3/rest-api-solution-guide/829822/local-use... (section "Third-party integration: FTM provisioning")
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.