Duo Mobile's restore functionality lets you back up Duo-protected accounts and third-party OTP accounts (such as Google or Facebook) for recovery to the same device or to a new device.

When you use the methods below to restore Duo accounts on a new or replacement device, be aware that:

  • Restoring or reactivating any "Duo-Protected" and "Duo Admin" accounts on the new device deactivates those accounts on the old device.
  • Restoring any third-party accounts on the new device does not deactivate those accounts on the old device. Be sure to delete those accounts from Duo Mobile on the old device or delete Duo Mobile entirely from the old device once you verify the passcodes generated by the restored accounts work for logging in to those services.
  • Duo for Windows offline access does not reactivate offline access accounts restored to your phone. Reactivation of Windows offline access creates a second offline access account. Delete the restored Windows offline access account from Duo Mobile before reactivating Windows offline access.
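Why a restored third-party account keeps working on the old device, shown as an added example (not Duo's code): assuming these accounts are standard RFC 6238 TOTP, the passcode depends only on the shared seed and the clock, so a copied seed yields identical codes on both phones until it is deleted from one of them. The `Device` class, `restore` helper and account label are hypothetical, and the seed is the constructed RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import struct


def totp(secret_b32: str, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): the code depends only on seed and time."""
    key = base64.b32decode(secret_b32.upper())
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Device:
    """Hypothetical stand-in for an authenticator app holding OTP seeds."""

    def __init__(self, name: str):
        self.name = name
        self.seeds = {}  # account label -> base32 seed

    def code(self, account: str, now: int) -> str:
        return totp(self.seeds[account], now)


def restore(old: Device, new: Device) -> None:
    """Copy seeds the way a backup restore does; the old device is untouched."""
    new.seeds.update(old.seeds)


def old_device_still_valid(old: Device, new: Device, account: str, now: int) -> bool:
    """True while the old device can still produce the code the service accepts."""
    return account in old.seeds and old.code(account, now) == new.code(account, now)


# Constructed sample seed: the RFC 6238 test key, base32-encoded.
SAMPLE_SEED = base64.b32encode(b"12345678901234567890").decode()

old_phone, new_phone = Device("old"), Device("new")
old_phone.seeds["example-service"] = SAMPLE_SEED  # assumed account label
restore(old_phone, new_phone)
```

Only removing the seed from the old device (or re-enrolling 2FA at the service, which issues a new seed) makes `old_device_still_valid` return false.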

If you are a Duo Mobile end-user (not an administrator) and are looking for help configuring Duo Restore beyond the instructions here, or if you are not sure if your organization permits use of Duo Restore, please contact your organization's IT help desk for assistance.

Duo Restore for iOS

Enabling Duo Restore

  1. Make sure you are running the latest version of the Duo Mobile App on your current iOS device.
  2. Back up your device to iCloud, with iCloud Keychain enabled to use Instant Restore. Nightly iCloud backups will include Duo Restore information. Encrypted iTunes backups will also work.

Because iOS backs up apps automatically, the backup functionality of Duo Restore is always on for iOS users who have iCloud enabled, and they will not see a notification indicating that their information is being backed up. However, whether an account can be restored depends on whether the administrator has enabled Duo Restore in the Duo Admin Panel or whether you've set a recovery password for reconnecting third-party accounts.

Enable Duo Restore for Third-Party Accounts

Be sure to enable third-party account backup and restore if you use Duo Mobile to generate passcodes for logging into applications like Instagram, Facebook, Snapchat, or other web services. Duo cannot recover access to those accounts without a backup. If you become locked out of those services and don't have a backup of your accounts in Duo Mobile, you'll need to contact the support team for that application or perform the account recovery process for each of those third-party applications.

When Duo Mobile 3.28 or later detects you have a third-party account, you'll be prompted to create a recovery password. Tap Enable Now to set one.

Enter a recovery password that has 10-128 characters. Do not lose this password! You'll need to provide it again to recover these accounts. Duo cannot recover this password for you. Be sure to store it securely. If you lose this password you'll need to manually reconnect your third-party accounts by visiting each of those services individually and following their 2FA setup process.

Restoring Duo Mobile Accounts

Recovering Duo-Protected Accounts with Instant Restore

Instant Restore requires Duo Mobile for iOS v3.33.0 or newer and that you've enabled iCloud Keychain. Additionally, your organization's Duo administrator must have enabled the Instant Restore feature.

  1. Sign in to iCloud on your new iOS device and restore from an iCloud backup.
  2. Enable iCloud Keychain.
  3. Download the Duo Mobile app on your new device.
  4. Open Duo Mobile and tap Get Started on the "Welcome back" screen.

  5. Duo Mobile locates your backed-up Duo-protected accounts and restores them to your device, showing a success message when complete.
  6. Duo also sends a push notification that accounts were activated on a new device to your old phone. If you receive this notification and you didn't just perform a restore, tap Report as Fraud. This deactivates your Duo accounts on both devices and alerts your organization's Duo administrators about the fraudulent reactivation. To dismiss this notification on your old phone, tap This is not fraud.

The Duo Mobile accounts list shows your restored Duo accounts, and you may use them to log into Duo-protected services with Duo Push or a generated passcode.

This process doesn't reconnect any third-party accounts. You'll still need to provide your third-party account recovery password before you can use those accounts to generate passcodes.

Recovering Duo-Protected Accounts from a Protected Application

  1. Restore your new or reset iOS device from your iCloud backup.
  2. Open the Duo Mobile app on your new device.
  3. Tap Reconnect next to your Duo account in the main accounts list.

  4. Log in to the Duo-protected application selected by your IT administrator.
  5. Authenticate using Duo via a method allowed for this application by your IT administrator. If SMS or hardware token passcode and phone calls are not allowed, you will either need to use a different Duo Push-capable 2FA device, use the Duo Self Service Portal (if available), or contact your IT administrator to restore your account on your new device.
  6. After authenticating, your new iOS device should be connected to the Duo service.

Recovering Third-Party Accounts

  1. Restore your new or reset iOS device from your iCloud backup.
  2. Open the Duo Mobile app on your new device.
  3. If you previously created a third-party account backup, Duo Mobile notifies you that it found accounts to recover. Tap Automatically reconnect to begin the recovery process.
  4. Enter your recovery password and then tap Reconnect. Duo Mobile restores your third-party accounts.

When you return to the accounts list after a successful third-party accounts restore, you'll be able to tap your third-party accounts to generate passcodes for logging into those services.

Note that this doesn't reconnect your Duo-protected accounts. You'll still need to perform the Duo-protected account recovery steps before you can use those accounts to log in to Duo-protected services with Duo Push or Duo Mobile passcodes.


Duo Restore for Android

Enabling Duo Restore

  1. When you add your first-ever account in the Duo Mobile app, you will see a new notification prompt to enable Duo Restore on your device.
  2. Tap SET UP NOW and select the Google account to use for Duo Restore. Grant Duo Mobile permission to store the backup in your Google Drive.
  3. At this point, you can also choose to enable account recovery for your third-party accounts by tapping Automatically reconnect third-party accounts. If you don't enable this now, Duo Mobile will remind you later when you add your first third-party account.
  4. When prompted, enter and confirm a recovery password that has 10-128 characters. Do not lose this password! You'll need to provide it again to recover these accounts. Duo cannot recover this password for you. Be sure to store it securely. If you lose this password you'll need to manually reconnect your third-party accounts by visiting each of those services individually and following their 2FA setup process.

It is also possible to enable Duo Restore at any time by doing the following:

  1. Make sure you are running the latest version of the Duo Mobile App on your current Android device.
  2. Open the Duo Mobile App.
  3. Tap the overflow menu (three vertical dots) in the top right corner of the main accounts list.
  4. Tap Settings.
  5. Tap Duo Restore.
  6. Turn on Duo Restore by tapping Backup accounts with Google Drive.
  7. Select a Google account to store your backup.
  8. Optionally enable third-party account restore by tapping Automatically reconnect third-party accounts.
  9. Enter and confirm a recovery password that has 10-128 characters.

Restoring Duo Mobile Accounts

Recovering Duo-Protected Accounts with Instant Restore

Instant Restore requires Duo Mobile for Android v3.32.0 or newer. Additionally, your organization's Duo administrator must have enabled the Instant Restore feature.

You must have access to Duo Mobile on your old Android device in order to use Instant Restore to restore your Duo-protected account backup to your new device. If you can't open Duo Mobile on your old device, for example, if your phone was lost or damaged, contact your Duo administrator to discuss your account recovery options.

  1. From your new Android device, download the latest Duo Mobile App from the Google Play Store.
  2. Open the Duo Mobile app on your new device.
  3. Tap Get My Account Back from the welcome screen.

  4. Select the Google account you used when initially setting up Duo Restore.
  5. At the beginning of the reconnection process, you'll be asked if you have your old phone. Tap Yes to continue.
  6. Open Duo Mobile on your old phone, and tap the menu icon in the top right to open Settings.
  7. Locate the "Connect a new phone" settings item, and tap VIEW QR CODE. If you don't see this option, make sure Duo Mobile on your old phone is version 3.32.0 or later.
  8. Return to your new phone, and tap either SCAN THE QR CODE in step 3 or SCAN in the lower left, then scan the QR code shown on your old phone to complete account restoration.

  9. Duo Mobile locates your backed-up Duo-protected accounts and restores them to your device, showing a success message when complete.

The Duo Mobile accounts list shows your restored Duo accounts, and you may use them to log into Duo-protected services with Duo Push or a generated passcode.

This process doesn't reconnect any third-party accounts. You'll still need to provide your third-party account recovery password before you can use those accounts to generate passcodes.

Recovering Duo-Protected Accounts from a Protected Application

  1. From your new Android device, download the latest Duo Mobile App from the Google Play Store.
  2. Open the Duo Mobile app on your new device.
  3. Tap Get My Account Back from the welcome screen.

  4. Select the Google account you used when initially setting up Duo Restore.
  5. If account information is found, you will then see the accounts on the Duo Restore screen and in your main accounts list, but with a Reconnect button instead of the key button used to generate passcodes.
  6. Tap Reconnect next to your Duo account in the main accounts list.
  7. Log in to the Duo-protected application selected by your IT administrator.
  8. Authenticate using Duo via a method allowed for this application by your IT administrator. If SMS or hardware token passcode and phone calls are not allowed, you will either need to use a different Duo Push-capable 2FA device, use the Duo Self Service Portal, or contact your IT administrator to restore your account on your new device.
  9. After authenticating, your new Android device should be connected to the Duo service.

Recovering Accounts Manually

If the Duo Restore feature is not enabled by your Duo administrator, or your backup includes third-party accounts but you did not set a recovery password for those accounts, you will see a screen like this upon attempting account recovery (tapping Reconnect) within Duo Mobile:

Duo Mobile Reconnect

Scan the barcode from your third-party account 2FA setup screen, or, to recover a Duo-protected account, access the My Settings and Devices page from the Duo prompt to reactivate the account. If your organization hasn't enabled self-service device management, contact your IT Help Desk or Duo service administrator for assistance reactivating the account.

Recovering Third-Party Accounts

  1. Open the Duo Mobile app on your new or reset device.
  2. From your new Android device, download version 3.28 or newer of the Duo Mobile App from the Google Play Store.
  3. Open the Duo Mobile app on your new device.
  4. Tap Get My Account Back from the welcome screen.
  5. Select the Google account you used when initially setting up Duo Restore.
  6. If Duo Mobile finds a valid backup in your Google Drive, it restores your previously backed-up accounts. If your backup included third-party accounts, enter your recovery password when prompted.

When you return to the accounts list after a successful third-party accounts restore, you'll be able to tap your third-party accounts to generate passcodes for logging into those services.

Note that this doesn't reconnect your Duo-protected accounts. You'll still need to perform the Duo-protected account recovery steps before you can use those accounts to log in to Duo-protected services with Duo Push or Duo Mobile passcodes.


Frequently Asked Questions

How does the Duo Mobile restore process affect third-party accounts in my Duo Mobile app?

You'll need to visit each third-party site and follow their specific instructions for reactivating 2FA. This usually involves scanning a QR code after using an alternative recovery method like phone call or SMS. Third-party accounts include accounts that were added to Duo Mobile but not directly linked to the Duo service, such as Google Accounts, Amazon, Facebook, Snapchat, Dropbox, etc.

Will Duo Mobile accounts be saved on my device if I delete the app?

It depends on the device's operating system.

  • On iOS, all accounts are retained in the device's secure keychain when you delete the app. This means both Duo-protected and third-party accounts will be available if you reinstall Duo Mobile on the same device. Accounts are deleted only when you explicitly delete them in the app.
  • On Android, deleting the Duo Mobile app will delete all accounts from your device. Deleting the Duo Mobile app essentially wipes the potential for unassisted account recovery.

Is it possible to restore an account once I've deleted it in Duo Mobile?

No. If you manually delete accounts within the app then they are gone and there is no process for restoration.

How large are Duo Mobile backups?

The size of Duo Mobile backup files can vary depending on how many accounts are associated with a device, but generally they are not larger than 500 KB.

Does Duo back up the private key pairs used in any of the accounts in my Duo Mobile app?

If you haven't enabled third-party account restore in Duo Mobile then app backups to Google Drive (Android) or iCloud (iOS) accounts DO NOT contain any private key or other sensitive data. Do note that some third-party accounts use an email address as the primary identifier, and thus will be included in the backup (Amazon, Gmail, and others).

Full device encrypted backups to iTunes will back up both the account listings and private key pairs, but can only be restored on the SAME phone that created the backup.

If you opt-in to third-party account backup and restore, and have set an account recovery password, then the app backups to Google Drive (Android) or iCloud (iOS) do include the private key information for your third-party accounts. The backups are encrypted by the recovery password, which is only known to you and cannot be recovered by Duo. When you restore a backup that contains third-party account information you must enter the recovery password to decrypt the backup.

Users cannot inspect or open backup files. iCloud does not provide a way for users to view the backup file. Google Drive users can view that Duo Mobile is using their Drive to store data and the size of that backup but cannot interact with that file. Duo Mobile only has access to the application-specific folder in Google Drive.

If the private keys are not backed up, how does this work?

Once you restore your account list you'll see a "Reconnect" link next to each account. Reconnecting the account directs you through a reactivation process where you need to authenticate to a Duo-protected application (configured by the Duo account admin) to verify your identity. Once your identity has been verified, Duo Mobile reactivates the account.

Can I restore a backup to a different mobile platform (Android → iOS or iOS → Android)?

No, backups cannot be restored across platforms. Duo Mobile can be activated on a new device that uses the same phone number as an old device on a different platform via the self-service device management options in the Duo prompt (if enabled by your Duo admin), or you can contact your IT help desk or Duo admin to request assistance reactivating the accounts on the new device.

Why am I getting an error saying "We couldn't find any accounts backed up on this Google account. Try selecting another Google account or contact your help desk." when attempting Duo Restore?

There are several reasons this could happen:

  • The wrong Google account was chosen when attempting Duo Restore.
  • If you very recently toggled on Duo Restore on your new phone, it may not be in sync with the backup on your old phone yet.
  • Duo Restore was actually never activated on the old (original) device so no backup is available.
  • Duo Restore was turned off on the old device.