Page tree

Contents


Page Last Modified: Dec 06, 2017


Share Link:   https://answers.fredonia.edu/x/CgD7


Report problems with this page

Starting with version 3.17, the Duo Mobile app includes a new feature called Duo Restore. This functionality enables Android and iOS Duo Mobile users to back up their Duo-protected accounts and recover them when they get a new device.
Users must be able to complete two-factor at the Duo Prompt in order to recover their account. They may use phone callback authentication, a hardware token passcode, an administrator-issued Bypass Code, or a different Push-enabled device that they have previously associated with their account.

Duo Restore iOS Workflow

Enabling Backup:

  1. Make sure you are running the latest version of the Duo Mobile App on your current iOS device.
  2. Back up your device to iCloud. Nightly iCloud backups will include Duo Restore information. Encrypted iTunes backups will also work. Note: Duo only stores non-sensitive account information on iCloud.

Note that due to how apps are automatically backed up in iOS, the backup functionality of Duo Restore is always on for iOS users who have iCloud enabled and they will not see a notification indicating their information is being backed up.

Recovering Accounts:

  1. Restore your new iOS device from your iCloud backup.
  2. Open the Duo Mobile app on your new device.
  3. Tap Get Working next to your Duo account in the main accounts list.
  4. Log in to the mail application using the link provided.
  5. Authenticate using Duo via an method allowed for this device. If hardware token passcode or phone calls are not allowed, you will either need to use a different Duo Push-capable 2FA device, or contact your IT administrator to restore your account on your new device. 
  6. After authenticating, your new iOS device should be connected to the Duo service.

Duo Restore Android Workflow

Enabling Backup:

Once Duo Restore launches, Android users will see a new notification prompting them to enable backup on their device:

           User-added image
Users can also enable Duo Restore at anytime by doing the following:  

  1. Make sure you are running the latest version of the Duo Mobile App on your current Android device.
  2. Open the Duo Mobile App.
  3. Tap the overflow menu in the top right corner of the main accounts list.
  4. Tap Settings.
  5. Tap Duo Restore.
  6. Turn on Duo Restore.
  7. You will then be prompted to select a Google account to store your backup on. Note: Duo only stores non-sensitive account information on Google drive.

Recovering Accounts:

  1. From your new Android device, download version 3.X or newer of the Duo Mobile App from the Google Play Store.
  2. Open the Duo Mobile app on your new device.
  3. Tap Get Account Back from the welcome screen.
    User-added image
  4. Select the Google account you used on your previous phone when setting up Duo Restore. If account information is found you will then see the accounts on the Duo Restore screen and in your main accounts list, but with a Get Working button instead of the key button used to generate passcodes. Note: if you already added new accounts on your new device, those accounts will not be removed.
    User-added image
  5. Tap Get Working next to your Duo account in the main accounts list.
  6. Log in to the mail application using the link provided.
  7. Authenticate using Duo via any method allowed for this application and device. If hardware token passcode or phone calls are not allowed, you will either need to use a different Duo Push-capable 2FA device or contact your IT administrator to restore your account on your new device. 
  8. After authenticating, your new Android device should be connected to the Duo service.

Frequently Asked Questions


What are the benefits of Duo Restore vs. the normal reactivation process?

  • The restore process does not require users to interact with their IT helpdesk or administrator.

  • Duo Restore is an easy-to-follow guided process for restoring and reactivating accounts directly within the Duo mobile app. The process does not require a secondary device.

Why am I getting an error saying "We couldn't find any accounts backed up on this Google account. Try selecting another Google account or contact your help desk." when attempting Duo Restore?
There are several reasons this could happen:

  • The wrong Google account was chosen when attempting Duo Restore

  • If you very recently toggled on Duo Restore on your new phone, it may not be in sync with the backup on your old phone yet

  • The Duo Mobile app was deleted from the old phone, which would have also deleted the Google Drive backup

  • Duo Restore was actually never activated on the old (original) device so no backup is available

Does Duo backup the private key pairs used in any of the accounts in my Duo Mobile App?
No, backups to users’ Google Drive (Android) or iCloud (iOS) accounts DO NOT contain any private key or other sensitive data. Do note that some third-party accounts use an email address as the primary identifier, and thus will be included in the backup (Amazon, Gmail).

Further, users cannot inspect or open backup files. iCloud does not provide a way for users to view the backup file. Google Drive users can view that Duo Mobile is using their Drive to store data and the size of that backup but cannot interact with that file. Duo Mobile only has access to the application-specific folder in Google Drive.

Note: Full device encrypted backups to iTunes will back up both the account listings and private key pairs, but can only be restored on the SAME phone that created the backup.

How large are Duo Mobile backups?
The size of Duo Mobile backup files can vary depending on how many accounts are associated with a device, but generally they are not larger than 500 kB.

If the private keys are not backed up, how does this work?
Once a user restores their account listings they will see a “Get Working” link next to each account. That process will direct them through a reactivation process where the user will need to authenticate to a Duo protected application to verify their identity. Once the user’s identity has been verified, Duo Mobile will reactivate the account.