Body
Overview
Learn how to use Duo Restore, which makes it easier to connect a future phone with Duo if you lose or replace your device.
The Duo Mobile app's restore functionality lets you back up Duo-protected accounts and third-party OTP accounts (such as Google or Facebook) for recovery to the same device or to a new device.
Please Note: If you're using another authenticator app, please refer to their documentation.
Table of contents
When restoring Duo accounts on a new or replacement device:
- Duo-protected and Duo Admin accounts: Restoring or reactivating them on the new device deactivates them on the old one.
- Third-party accounts: Restoring does not deactivate them on the old device. After confirming passcodes work, delete these accounts or uninstall Duo Mobile from the old device.
- Windows offline access: Restoring does not reactivate offline access. Reactivation creates a second account, delete the restored one before reactivating.
- Passwordless OS Logon: Cannot be restored. If using a different mobile device, re-enroll to log on without a password.
- Need help? End-users (not admins) should submit a ticket at Two-Step Login (Duo) Support..
Setting up Duo Restore
Select the title of each accordion panel in order to see its contents.
Prerequisites
- Update Duo Mobile to the latest version on your current iOS device.
- Back up your device to iCloud with Keychain enabled for Instant Restore. Nightly iCloud backups include Duo Restore data. Encrypted iTunes/Finder backups also work.
Duo Restore backup is always on for iOS with iCloud enabled (no backup notification shown). Account restoration depends on Duo Restore being enabled or having a recovery password for third-party accounts.
Enable Duo Restore for Third-Party Accounts
- Turn on backup for accounts like Instagram, Facebook, Snapchat, etc. Duo Mobile cannot recover these without a backup.
- If locked out and no backup exists, you must contact each service for recovery.
- When prompted, tap Enable Now and set a 10–128 character recovery password.
- Store this password securely as Duo cannot recover it. Losing it means manually reconnecting accounts.
- To enable later:
- Open Duo Mobile → Menu → Settings → Backup third-party accounts.
- Enter and confirm your recovery password.
- Duo Support cannot recover accounts or reset recovery passwords.
Prerequisites
- If Google account backup is disabled or your device lacks a PIN, pattern, or password lock, see Enabling Duo Restore (Legacy) below.
- Automatic backups require a screen lock (PIN, pattern, or password). Update your lock settings if needed.
Process
- Open Google Backup settings on your device (path varies by manufacturer; e.g., Pixel: Settings → Google → Backup).
- Enable Google backups. It's required for Duo Mobile cloud restore.
- Backups from other vendors (e.g., Samsung Cloud) do not work for Duo Mobile.
- If app data isn’t enabled, check Other device data to include Duo Restore info → tap Confirm.
- If Google backup is enabled, verify Apps included in Backup Details.
- If just enabled, tap Back up now to create your first backup.
- To enable third-party account recovery:
- Open Duo Mobile → Settings → Duo Instant Restore.
- Tap Automatically reconnect third-party accounts from cloud.
- Nightly Google backups include Duo Restore info. To check last backup: Settings → Duo Instant Restore.
- Automatic backups require a screen lock.
If you created a Google Drive backup using the old Duo Restore toggle, you can still access this backup to perform an Instant Restore.
Enabling Duo Restore (Legacy)
- Open Duo Mobile → tap menu icon → Settings.
- Tap Duo Restore under General settings.
- Enable Backup accounts with Google Drive.
- Select Google account and grant permission to store backup in Google Drive.
- Optionally enable Automatically reconnect third-party accounts.
- When prompted, create and confirm a recovery password (10–128 characters).
- Do not lose this password. Duo cannot recover it.
- Losing it means manually reconnecting accounts later via each service’s 2FA setup.
(Back to the top.)
Using Duo Restore
Select the title of each accordion panel in order to see its contents.
Recovering Duo-Protected Accounts (Instant Restore)
- Ensure your device was backed up with iCloud + Keychain or an encrypted iTunes/Finder backup.
- Sign in to iCloud and restore from backup.
- Download Duo Mobile (Duo Security LLC) on the new device.
- Open Duo Mobile → tap Continue.
- Duo restores your Duo-protected accounts automatically.
- If you get a new-device activation alert:
- Tap Yes if you initiated restore (deactivates old device).
- Tap No if you didn’t (alerts admins and deactivates both devices).
- Third-party accounts are not restored here need to use your recovery password.
Recovering Third-Party Accounts
- Restore your iOS device from iCloud or iTunes/Finder backup.
- Open Duo Mobile → tap Continue.
- Duo attempts automatic restore; if unsuccessful, enter your recovery password.
- After restore, you can generate passcodes for those services.
- Duo-protected accounts require Instant Restore steps separately.
Recovering Duo-Protected Accounts (Instant Restore)
- Ensure your device was backed up with iCloud + Keychain or an encrypted iTunes/Finder backup.
- Sign in to iCloud and restore from backup.
- Download Duo Mobile (Duo Security LLC) on the new device.
- Open Duo Mobile → tap Continue.
- Duo restores your Duo-protected accounts automatically.
- If you get a new-device activation alert:
- Tap Yes if you initiated restore (deactivates old device).
- Tap No if you didn’t (alerts admins and deactivates both devices).
- Third-party accounts are not restored here need to use your recovery password.
Recovering Third-Party Accounts
- Restore your iOS device from iCloud or iTunes/Finder backup.
- Open Duo Mobile → tap Continue.
- Duo attempts automatic restore; if unsuccessful, enter your recovery password.
- After restore, you can generate passcodes for those services.
- Duo-protected accounts require Instant Restore steps separately.
(Back to the top.)
Manual Restoration
If the Duo Restore feature is not enabled by your Duo administrator, or your backup includes third-party accounts but you did not set a recovery password for those accounts, after tapping Reconnect within Duo Mobile you'll see the options to Scan a QR code or Enter activation code.
Select Scan QR code and scan the QR code from your third-party account 2FA setup screen, or, to recover a Duo-protected account, access the My Settings and Devices page from the Duo prompt to reactivate the account. If you need assistance, contact your IT Help Desk.
If you use Duo for more than one organization, you will need to contact each organization's IT Help Desk to reactivate your accounts.
(Back to the top.)
FAQ
Please select the question to see the answer.
If you enabled third-party account backup, you can recover your accounts on your iOS or Android device.
If you did not enable third-party account backup, you'll need to visit each third-party site and follow their specific instructions for reactivating 2FA. This usually involves scanning a QR code after using an alternative recovery method like phone call or SMS. Third-party accounts include accounts that were added to Duo Mobile but not directly linked to the Duo service, such as Google Accounts, Amazon, Facebook, Instagram, Snapchat, Dropbox, etc.
It depends on the device's operating system.
- On iOS, all accounts are retained in the device's secure keychain when you delete the app. This means both Duo-protected and third-party accounts will be available if you reinstall Duo Mobile on the same device. Accounts are only deleted when done so explicitly in the app.
- On Android, deleting the Duo Mobile app will delete all accounts from your device. Deleting the Duo Mobile app essentially wipes the potential for unassisted account recovery.
No. If you manually delete accounts within the app then they are gone and there is no process for restoration.
The size of Duo Mobile backup files can vary depending on how many accounts are associated with a device, but generally they are not larger than 500 KB.
If you haven't enabled third-party account restore in Duo Mobile then app backups to Google account backup (Android) or iCloud (iOS) accounts do not contain any private key or other sensitive data. Do note that some third-party accounts use an email address as the primary identifier, and thus will be included in the backup (Amazon, Gmail, and others).
Full device encrypted backups to iTunes will back up both the account listings and private key pairs, but can only be restored on the same phone that created the backup.
If you opt-in to third-party account backup and restore, and have set an account recovery password, then the app backups to Google Drive (Android) or iCloud (iOS) do include the private key information for your third-party accounts.
- The backups are encrypted by the recovery password, which is only known to you and cannot be recovered by Duo.
- When you restore a backup that contains third-party account information you must enter the recovery password to decrypt the backup.
Users cannot inspect or open backup files.
- iCloud does not provide a way for users to view the backup file.
- Google Drive users can view that Duo Mobile is using their Drive to store data and the size of that backup but cannot interact with that file.
- Duo Mobile only has access to the application-specific folder in Google Drive.
The most common error is: We couldn't find any accounts backed up on this Google account. Try selecting another Google account or contact your help desk.
There are several reasons this could happen:
- The wrong Google account was chosen when attempting Duo Restore.
- If you very recently toggled on Duo Restore on your new phone, it may not be in sync with the backup on your old phone yet.
- Duo Restore was actually never activated on the old (original) device so no backup is available.
- Duo Restore was turned off on the old device.
(Back to the top.)
Need help?
If you have any additional questions, see Two-Step Login (Duo) Support or select the Request Help button.