The Duo Mobile app includes a feature called Duo Restore as of version 3.17. This lets you back up your Duo-protected accounts and recover them to a new device.

If you are a Duo Mobile end-user (not an administrator) and are looking for help configuring Duo Restore beyond the instructions here, or if you are not sure if your organization permits use of Duo Restore, please contact your organization's IT help desk for assistance.

Duo Restore for iOS

Enabling Duo Restore

  1. Make sure you are running the latest version of the Duo Mobile App on your current iOS device.
  2. Back up your device to iCloud. Nightly iCloud backups will include Duo Restore information. Encrypted iTunes backups will also work. Note: Duo only stores non-sensitive account information on iCloud.

Because of how apps are automatically backed up in iOS, the backup functionality of Duo Restore is always on for iOS users who have iCloud enabled, and they will not see a notification indicating that their information is being backed up. However, whether an account can be restored depends on Duo Restore being enabled by the administrator in the Duo Admin Panel.

Recovering Accounts

  1. Restore your new iOS device from your iCloud backup.
  2. Open the Duo Mobile app on your new device.
  3. Tap Reconnect next to your Duo account in the main accounts list.

    Duo Mobile Recovery Option

  4. Log in to the Duo-protected application selected by your IT administrator.
  5. Authenticate using Duo via a method allowed for this application by your IT administrator. If SMS or hardware token passcode and phone calls are not allowed, you will either need to use a different Duo Push-capable 2FA device, use the Duo Self Service Portal (if available), or contact your IT administrator to restore your account on your new device.
  6. After authenticating, your new iOS device should be connected to the Duo service.

Duo Restore for Android

Enabling Duo Restore

When you add your first-ever account in the Duo Mobile app, you will see a new notification prompting you to enable Duo Restore on your device:

Duo Mobile Enable Restore

It is also possible to enable Duo Restore at any time by doing the following:

  1. Make sure you are running the latest version of the Duo Mobile App on your current Android device.
  2. Open the Duo Mobile App.
  3. Tap the overflow menu (three vertical dots) in the top right corner of the main accounts list.
  4. Tap Settings.
  5. Tap Duo Restore.
  6. Turn on Duo Restore.
  7. You will then be prompted to select a Google account to store your backup on. Note: Duo only stores non-sensitive account information on Google Drive.

Recovering Duo Mobile Accounts

Recovering accounts when Duo Restore is enabled by your Duo administrator

  1. From your new Android device, download version 3.X or newer of the Duo Mobile App from the Google Play Store.
  2. Open the Duo Mobile app on your new device.
  3. Tap Get My Account Back from the welcome screen.

    Duo Mobile Recovery Option

  4. Select the Google account you used when initially setting up Duo Restore. If account information is found, you will then see the accounts on the Duo Restore screen and in your main accounts list, but with a Reconnect button instead of the key button used to generate passcodes. Note: if you already added new accounts on your new device, those accounts will not be removed.
  5. Tap Reconnect next to your Duo account in the main accounts list.

    Duo Mobile Recovery Option

  6. Log in to the Duo-protected application selected by your IT administrator.
  7. Authenticate using Duo via a method allowed for this application by your IT administrator. If SMS or hardware token passcode and phone calls are not allowed, you will either need to use a different Duo Push-capable 2FA device, use the Duo Self Service Portal, or contact your IT administrator to restore your account on your new device.
  8. After authenticating, your new Android device should be connected to the Duo service.

Recovering accounts when Duo Restore is not enabled by your Duo administrator

If the Duo Restore feature is not enabled by Administrators, you will see the following screen upon attempting account recovery (tapping Reconnect) within Duo Mobile:

Duo Mobile Reconnect

Scan the barcode from your third-party account 2FA setup screen, or, to recover a Duo-protected account, access the My Settings and Devices page from the Duo prompt to reactivate the account. If your organization hasn't enabled self-service device management, contact your IT Help Desk or Duo service administrator for assistance reactivating the account.

Frequently Asked Questions

How does the Duo Mobile restore process affect third-party accounts in my Duo Mobile app?

You'll need to visit each third-party site and follow their specific instructions for reactivating 2FA. This usually involves scanning a QR code after using an alternative recovery method like phone call or SMS. Third-party accounts include accounts that were added to Duo Mobile but not directly linked to the Duo service, such as Google Accounts, Amazon, Facebook, Snapchat, Dropbox, etc.

Will Duo Mobile accounts be saved on my device if I delete the app?

It depends on the device's operating system. See this article for more information, but note that for Android users, deleting the Duo Mobile app will wipe the necessary data to perform account recovery with Duo Mobile in the future.

Is it possible to restore an account once I've deleted it in Duo Mobile?

No. If you manually delete accounts within the app then they are gone and there is no process for restoration.

How large are Duo Mobile backups?

The size of Duo Mobile backup files can vary depending on how many accounts are associated with a device, but generally they are not larger than 500 KB.

Does Duo back up the private key pairs used in any of the accounts in my Duo Mobile App?

No, backups to users’ Google Drive (Android) or iCloud (iOS) accounts DO NOT contain any private key or other sensitive data. Do note that some third-party accounts use an email address as the primary identifier, and thus will be included in the backup (Amazon, Gmail, and others).

Further, users cannot inspect or open backup files. iCloud does not provide a way for users to view the backup file. Google Drive users can view that Duo Mobile is using their Drive to store data and the size of that backup but cannot interact with that file. Duo Mobile only has access to the application-specific folder in Google Drive.

Note: Full device encrypted backups to iTunes will back up both the account listings and private key pairs, but can only be restored on the SAME phone that created the backup.

If the private keys are not backed up, how does this work?

Once you restore your account list, you'll see a “Reconnect” link next to each account. Reconnecting the account directs you through a reactivation process where you need to authenticate to a Duo-protected application (configured by the Duo account admin) to verify your identity. Once your identity has been verified, Duo Mobile reactivates the account.

Can I restore a backup to a different mobile platform (Android → iOS or iOS → Android)?

No, backups cannot be restored across platforms. Duo Mobile can be activated on a new device that uses the same phone number as an old device on a different platform via the self-service device management options in the Duo prompt (if enabled by your Duo admin), or you can contact your IT help desk or Duo admin to request assistance reactivating the accounts on the new device.

Why am I getting an error saying "We couldn't find any accounts backed up on this Google account. Try selecting another Google account or contact your help desk." when attempting Duo Restore?

There are several reasons this could happen:

  • The wrong Google account was chosen when attempting Duo Restore.
  • If you very recently toggled on Duo Restore on your new phone, it may not be in sync with the backup on your old phone yet.
  • The Duo Mobile app was deleted from the old phone, which would have also deleted the Google Drive backup.
  • Duo Restore was actually never activated on the old (original) device so no backup is available.