Duo Mobile on Android
The Duo Mobile application makes it easy to authenticate — just tap “Approve” on the login request sent to your Android device. You can also quickly generate login passcodes, even without an internet connection or cell service.
Installing Duo Mobile
Find the latest version of Duo Mobile in Google Play.
Supported Platforms: The current version of Duo Mobile supports Android 6.0 and greater. Support for older Duo Mobile versions on Android 5.0 ended April 1, 2018.
To see which version of Duo Mobile is installed on your device, go to the Android Settings menu, tap Apps, then scroll down and tap Duo Mobile. The "App Info" screen shows the version.
Duo Push is the easiest and quickest way of authenticating. You'll get a login request sent right to your phone.
When the Duo Push notification shows up on your screen, tap where indicated to view the available actions: Approve or Deny.
You can slide down your notifications to see more information about the login request before selecting an action, like the username, timestamp, and location information (if available).
Simply tap Approve in either type of notification to finish logging in to the Duo-protected application.
Tapping on the push request notification itself (instead of tapping the notification actions) takes you to the full Duo Push screen in Duo Mobile.
If you get a login request that you weren't expecting, tap Deny on the notification or the full Push screen to reject the request. If you don't recognize the authentication attempt as your own, tapping It seemed fraudulent rejects the login attempt and also notifies your Duo administrator about the suspicious request. If you just want to cancel a login request you made you can tap It was a mistake to deny the request without reporting it.
Duo Mobile 3.10 and up also supports fingerprint verification for Duo Push-based logins as an additional layer of security to verify your user identity. If you're using a device with Android v5.0 or later and a fingerprint reader you'll need to scan your finger each time you authenticate via Duo Mobile (if required by your administrator).
If you're not able to scan your fingerprint using the sensor you can also approve the Duo authentication request using the device's passcode (the same one you use on the Android lock screen).
Tap the down indicator to get a one-time passcode for login. This works anywhere, even in places where you don't have an internet connection or can't get cell service.
If the account is a Duo native account (meaning you enrolled this device into Duo and activated the app for Duo Push), then the passcode shown is valid until used. Tap the arrows to generate a new Duo passcode.
If the account is a third-party OTP account (meaning you logged into another service like Gmail and added this device as an authenticator app), then you'll see a 30 second countdown indicator on the right. If you don't use that passcode before it expires then a new passcode is generated and the countdown begins again.
If you need to use the passcode from Duo Mobile in another mobile app simply tap the passcode to copy the currently shown code and paste it into the other app.
Adding Accounts to Duo Mobile
During the setup process you'll see a barcode to scan (it looks like this). Tap "Add Account" (or the plus button in the upper right). Scan the barcode to add the account to Duo Mobile.
Duo Mobile's Security Checkup verifies device settings against Duo's recommended security settings, and lets you know if any of your device's settings don't match.
This Android device has up-to-date software and all of Duo's recommended security settings configured:
This Android device is a few Android versions behind the latest, and doesn't have all of Duo's recommended security settings configured:
Tap on any detected issue to learn more about that particular setting and how you can update your device with the recommended configuration.
Go to Menu > Settings > Security Checkup in Duo Mobile to view your device's security status at any time.
Duo Mobile supports third-party TOTP accounts, like Google and Dropbox. Learn more »
Delete an account by long-pressing on an account. Then tap "Remove account" and confirm the deletion.
Pull to Refresh
Check for authentication requests by pulling the account list down. Duo Mobile automatically checks for authentication requests, but if you think you have missed a request, then tap the list of accounts and pull down to refresh.
Backup & Restore
If your administrator enabled Duo Mobile's backup and restore functionality and you previously backed up your Duo-protected accounts from the app to Google Drive you can restore your accounts to Duo Mobile on a new Android device via the guided recovery process. You can also perform third-party account recovery if you previously opted-in to third-party account restore. Start the account recovery process by tapping Get my account back on the Duo Mobile welcome screen, or go to Settings > Duo Restore.
See the full Duo Restore guide for Android here.
If you're not receiving Duo Push notifications, first try a pull-to-refresh. If this doesn't fix it, see the Duo Knowledge Base for additional Android troubleshooting steps.
Mobile device encryption helps keep the data on your device secure.
Duo considers your device encrypted when you enable password, PIN, or pattern authentication at startup. Without this setting, your device encryption is less secure, and you might not be able to access Duo-protected services or applications.
To enable encryption on your Android Device:
- Navigate to Settings → Security → Screen Lock.
- Enable password, PIN, or pattern to be required upon device startup.
- If you have a Samsung Device, you will additionally need to enable "Secure startup":
- Navigate to Settings → Lock screen and security → Secure startup.
- Choose Require PIN when device turns on.
- Close and reopen Duo Mobile.
If you still experience issues with the Disk Encryption error displaying in Duo Mobile, even after completing the steps above, try to disable this setting and then re-enable it again. This can happen because some Android device manufacturers will set a default password to encrypt the phone. Although your phone might say it’s encrypted, technically it isn’t fully encrypted until you set your own PIN/password/pattern at startup via your phone’s settings. Encrypting with your own password is the most secure option.Additional items to note:
- On Samsung devices, "Secure startup" will automatically turn off any time you enable an accessibility permission.
- Some newer devices (such as the Google Pixel) on Android 7.0 and higher support file-based encryption and can be considered encrypted by Duo without a PIN at startup.