New Feature | Duo Makes It Easier to Restore Your Personal Accounts
One of the top-requested mobile features of Duo Mobile is now a reality. Duo Mobile iOS and Android users can now restore their personal third-party applications using Duo Restore to connect to a new device or reset their current device. Now users can protect all of their accounts and restore them with one app. In this article we’ll show you how.
What Was the Problem?
Duo Mobile provides the most secure two-factor authentication methods available including Duo Push, phone call, and SMS passcodes. Users wanting the same level of security to protect personal accounts like Facebook, Slack, and Dropbox use Duo Mobile to generate a passcode for second-factor authentication to login. These applications are considered personal "third-party" accounts. Of the past million Duo activations, 25% were third-party applications.
Previously, Duo Mobile only provided backup and restore functionality for Duo-protected accounts and applications. When you replaced a mobile device, you had to manually reconnect each third-party account. Further, if your old device was lost or destroyed, you would need to rely on alternate authentication methods or backup codes to login.
Our goal was to provide a simple way to reconnect third-party accounts while maintaining our high standards of security.
How Does It Work?
Duo Restore for third-party accounts (3PR) uses an encrypted user-created backup to iCloud (iOS) or Google Drive (Android). As a result, third-party account backup information is not stored by Duo. To access Duo Restore you will need to opt-in to third-party restore and set a recovery password to use this feature.
Here’s how to do it:
After updating to the new version of Duo Mobile, users with a third-party account will see a prompt to enable third-party restore the first time they open the Duo Mobile app. Users without a third-party account will only see the prompt after they add their first third-party account. Android users will only see this prompt if they also already have the Duo Restore toggle enabled.
The toggle to enable Duo Restore for third-party accounts will be located in the Settings section of the iOS app. On Android, it will be located in Settings > Duo Restore.
The end user enables 3PR on the original device and sets a recovery password. When she activates a new phone, Duo will prompt her to reconnect to her existing third-party accounts by entering the recovery password. After doing so, her Duo Mobile 3rd party accounts are restored on her new device.
What Duo Admins Should Know
Duo Restore for third-party accounts is a good thing for your users. It does not require additional administrative overhead for you and has no impact on Duo accounts that are tied to your enterprise.
Your end users may already be using Duo as a passcode generator for applications and websites that you do not have control over like Facebook or Instagram. Please see our guide to third-party accounts for more information.
Also note that this feature does not introduce new authentication methods into Duo-protected applications. It only allows your users already protecting outside third-party accounts to securely backup and recover these accounts when they install Duo on a new device. Users will only be prompted to enable this feature if they already have third-party accounts added to Duo.
One important note for Duo Admins is that Duo Restore for third-party accounts does not require Duo Restore account recovery for Duo-protected accounts to be enabled in the Duo Admin Panel.
Does the Admin Enable 3PR?
No, all Duo Mobile users can use 3PR. There is no Duo admin setting. Note that this is different than Duo Restore for Duo-protected accounts which are enabled by an admin setting.
Where is the backup data sent?
Backup data is stored in iCloud for iOS and Google Drive for Android devices. It never hits Duo’s cloud services.
In Closing
We’re excited to make Duo Restore for third-party accounts available to all users and improve the experience of setting up a new mobile device. Let us know what you think. Tweet to us at @duosec or leave us an app review in iTunes or Google Play.