What is a secure option for external administrators in Fortinet systems?

Two-factor authentication (2FA) is a secure option for external administrators in Fortinet systems because it adds an additional layer of security beyond just a username and password. With 2FA, even if an attacker manages to obtain a user's password, they would still require a second form of verification—typically a one-time code sent to a mobile device or an authentication app—to gain access to the system. This significantly reduces the risk of unauthorized access and helps ensure that only legitimate users can perform administrative tasks.

Using complex passwords is a good practice, but it alone does not provide the enhanced security that 2FA offers. While local accounts might be secure if managed properly, they do not provide the same level of security when external access is involved. Disabling remote access altogether is a way to reduce risk, but it limits the ability for external administrators to perform their duties effectively. Therefore, implementing two-factor authentication is the most secure method to protect external administrative access in Fortinet systems.