Caltech
Information Management Systems and Services
IMSS  /  Services  /  Information Security  /  Duo MFA  /  Duo backup and restore

Duo backup and restore

Duo backup and restore

The Duo Mobile apps for iOS and Android can be used to store second-factor credentials for Caltech and also for third-party applications. Duo Mobile offers several features for backing up and restoring these credentials. The specific capabilities of these backup and restore features vary depending on whether you are using an iOS or an Android device, and also whether you are backing up/restoring Caltech credentials, third-party credentials, or both Caltech and third-party credentials.

Caltech credentials

Duo second-factor credentials for services like access.caltech, Caltech Microsoft accounts, and Caltech single sign on (Shibboleth) accounts are considered Caltech credentials. Duo second factor credentials for these services can be backed up and restored using the Duo Mobile "Instant Restore" feature.

On iOS devices Duo Instant Restore is enabled by default so long as the device is set to backup to iCloud and has iCloud Keychain enabled. To restore previously backed up credentials on a new device, sign in to iCloud, enable iCloud Keychain, and then download the Duo Mobile app. Duo Mobile will locate the previously backed up credentials.

On Android devices, Duo Instant Restore must be enabled manually. This can be done in the Duo Mobile app by navigating to "Settings" > "Duo Restore" and enabling "Backup accounts with Google Drive". Additionally, you must have access to Duo Mobile on your old Android device in order to restore Duo credentials to your new device. To restore previously backed up credentials, on the new device install the Duo Mobile app and select "I have existing accounts" on the welcome screen. Select the Google account that was used when setting up Duo Restore. Open Duo Mobile on the old phone and navigate to "Settings" > "Connect a new phone" > "View QR code". From the new phone select "Scan QR code" and then use the new phone to scan the QR code displayed on the old phone.

Third-party credentials

The Duo Mobile app can also be used to manage second-factor credentials for third-party services unrelated to Caltech. For example, a company you have an account with may ask you to scan a QR code with an authenticator app in order to set up an OTP (One-time password) credential. Duo Mobile is one of a number of authenticator apps that can be used for this purpose. If you've used the Duo Mobile app in this way, backing up and restoring these credentials is separate from Caltech credentials.

On iOS devices Duo Restore for Third-Party Accounts must be enabled manually. To do this, navigate to "Settings" > "Backup third-party accounts" and create a recovery password. Make sure to store this password safely, such as in a password manager, since neither Duo nor Caltech IMSS can restore this password for you if you lose it. When restoring from iCloud backups on a new device, Duo Mobile will attempt to restore third-party accounts. Duo will prompt you for the recovery password you created.

On Android devices Duo Mobile will prompt you to enable backup for third-party credentials when configuring backup for Caltech credentials. If you did not enable backup for third-party accounts at that time, you can always enable it later by navigating the Duo Mobile app to "Settings" > "Duo Restore" and enabling "Automatically reconnect third-party accounts". Duo will prompt you to create a recovery password. Make sure to store this password safely, such as in a password manager, since neither Duo nor Caltech IMSS can restore this password for you if you lose it. When recovering Duo credentials on a new device, if any third-party credentials are found, you will be prompted to enter your recovery password to restore those credentials.