You are a FortiAuthenticator administrator for a large organization. Users who are configured to use FortiToken 200 for two-factor authentication can no longer authenticate. You have verified that only the users with two-factor authentication are experiencing the issue.
What can cause this issue?
Time drift between FortiAuthenticator and hardware tokens can cause users to no longer authenticate. If the internal clocks of FortiAuthenticator and the FortiToken 200 devices are not synchronized, the one-time passwords (OTPs) generated by the tokens will not match the expected values, leading to authentication failures. Ensuring time synchronization or configuring time drift tolerance can resolve this issue.
One possible cause of the issue is time drift between FortiAuthenticator and hardware tokens. Time drift occurs when the internal clocks of FortiAuthenticator and hardware tokens are not synchronized. This can result in mismatched one-time passwords (OTPs) generated by the hardware tokens and expected by FortiAuthenticator. To prevent this issue, FortiAuthenticator provides a time drift tolerance option that allows a certain number of seconds of difference between the clocks.
page 186
Could someone help me confirm if this is correct