Duo Mobile on Android - Guide to Duo security with two-factor authentication (2023)

The Duo Mobile app makes authentication simple: just tap "Approve" on the login request sent to your Android device. You can quickly generate login passwords even without an internet connection or cellular service.

If you need help installing or using Duo Mobile, contact your organization's IT helpdesk or Duo admin.

Are you looking for Duo for your organization? More information on doublesMulti-Factor Authentication (MFA)solutions

Changes to Duo Mobile

We've redesigned Duo Mobile to offer an updated login experience. Learn more about what's new in Duo Mobile version 4 in this video tutorial:

Install Duo Mobile

For the latest version of Duo Mobile, go toGoogle Play.

Supported platforms:The current version of Duo Mobile supports Android 8 and higher.

Duo does not offer official support for non-standard custom Android distributions such as OnePlus, LineageOS, or ColorOS, nor is Duo Mobile compatible with ChromeOS.

To see which version of Duo Mobile is installed on your device, go to AndroidIdeastap no menuto form, scroll down and tapmobiles Duo. The Application Information screen displays the version.

Activate Duo Mobile for the first time

If youSign up for Duo for the first timeand want to add an Android device or use Duo Push, you will see a QR code that you can scan with the Duo Mobile app to complete activation.

Launch Duo Mobile and tapcreate an account.

Tap to continue adding your first Duo account to Duo MobileUse a QR code.

Use your camera to scan the QR code displayed by the Duo sign-in in your browser. If you are asked to allow Duo Mobile to take photos and videos, please grant it.

Give the new account a name to finish adding it to Duo Mobile.

It's a good idea to take a few minutes to practice forwarding and rejecting Duo authentication requests if you've never used Duo before. TouchAgora-Praxisto step through some training screens like this one. If you are familiar with Duo Mobile to sign in to apps, tapJump.

Your newly added Duo account will appear in the accounts list. You can now respond to Duo-Push authentication requests or generate passwords to log into apps.

double press

If you authenticate with Duo Push, you will receive a login request on your phone, just pressto permitto authenticate

If you get an unexpected login prompt, tapdenyto reject the application. You will be asked if the login is suspicious. If you're not trying to sign in to a Duo-secured app or service and the prompt isn't recognized, tapSimto notify your organization's Duo admin. If you made a mistake or the login is not suspicious, tapNOdeny the request without reporting it.

Duo push and notifications

When the duo-push notification appears on the screen, tap on the indicated spot to see the available actions:to permitÖdeny.

Beatto permitin the notification to complete signing in to the Duo-protected app.

Tapping the push request notification itself (rather than tapping the notification actions) takes you to the full screen Duo Push on Duo Mobile.

If your phone is running Android 13 or later, you may need to enable duo push notifications.

To enable duo push notifications:

• Tap and hold the Duo Mobile app icon and select itapplication information. On the next Duo Mobile app information screen, tapnotifications. HebelAll notifications from Duo Mobilehold on

fingerprint verification

Duo Mobile also supports fingerprint verification for Duo Push-based logins as an additional layer of security to verify your user identity. If you're using a device with a fingerprint reader, you'll need to scan your finger each time you authenticate with Duo Mobile (if required by your administrator).

If you can't scan your fingerprint with the sensor, you can also approve Duo's authentication request with your device password (the same one you use on your Android lock screen).

Verified duo push

Your organization may want you to enter a verification code when approving a Duo Push request, which will appear in the universal Duo prompt on Duo Mobile. This protects you from approving sign-in requests you didn't make and helps protect your accounts and information.

You must have Duo Mobile version 4.16.0 or later installed on Android 8 or later to verify a Duo Push request with a code.

If your organization requires Duo-Push verification, the universal Duo Prompt will display a six-digit code on your screen when you use Duo-Push to log in to this app.

Enter the code shown on the Duo Mobile screen and tapCheck overto approve the login request.

If you enter an incorrect code, tapACCORDINGLYon your phone and return to the Duo Universal prompt where you can click or typeOther optionsto choose a different sign-in method, or try Duo Push again.

If you get a duo push prompt on your phone and don't try to log in to this app, tapI don't sign upto reject the application. You will be asked if the login is suspicious. TouchSimto notify your organization's Duo admin, or tapNOif you made a mistake or the login is not suspicious.

passwords

Tap an account to get a one-time passcode to log in. It is workingoverall, even in places where you don't have an internet connection or where you don't have cell service.

If the account is a Duo-protected app or service (ieRegistered this device with Duo and activated the app for Duo Push), the passcode displayed is valid until used. TouchUpdate passwordto generate a new duo password.

If the account is a third-party OTP account (i.e. youSigned in to another service like Gmail and added this device as an authenticator app), you will see a 30 second countdown indicator under the password. If you don't use this password before it expires, the account will be updated with a new password and the countdown will restart.

If you need to use the password displayed on Duo Mobile in another mobile app, tapCopyand paste it into the other application.

Add more accounts to Duo Mobile

To add additional accounts to Mobile Duo, tapAdd toin the top right corner of your account list to access the account type selector.

If the new account you want to add shows a QR code to scan with an authenticator app, tapUse QR codesinceAdd accountList. Scan the QR code with your camera to add the account to Duo Mobile.

You can also select the type of account you want to add from the list and then add that account by scanning a QR code or by entering an activation code that you received from this app.Learn more about adding third-party accounts to Duo Mobile

security check

Duo Mobile's security check compares your device's settings to Duo's recommended security settings and lets you know if settings on your device don't match.

This Android device has up-to-date software and all security settings recommended by Duo:

This Android device is a few Android versions behind the latest:

Tap a detected issue to learn more about that specific setting and how to update your device with the recommended settings.

Tap on the menu and go tosecurity checkon Duo Mobile to see the security status of your device at any time.

Third Party Accounts

Duo Mobile supports generating shortcodes for login to 3rd party TOTP accounts like Google and Dropbox.Learn more "

edit accounts

To make changes to an account in your account list, tap the account to expand it, then tap the three dots in the top-right corner of the account card to open account options.

BeatMotorto reorder your account list (appears if you have more than one Duo Mobile account). Use the up or down arrows that appear to the left of each account name (or tap and hold the icon on the right side of the account card) to change an account's position in the list. TouchCompletedwhen you're done reorganizing your accounts.

Beatrenameto change the name of an account. Enter a new account name and tapSave on computerto accept the new name.

Delete an account by tappingExtinguish. If you delete an account, you will no longer be able to use it to log in and it will also be removed from your Duo Mobile backup, so you will no longer be able to log inrestore somethingthis later. If you really want to delete this account, tapExtinguishin the confirmation message. TouchCancelif you don't want to delete the account.

Restore Backup

If your administrator has enabled the Duo Mobile backup and restore feature and you have already backed up your Duo protected accounts from the app to Google Drive, you can restore your accounts to a new Android device using the process-guided restore to Duo Mobile. You can also perform account recovery with a third party if you have previously opted for third party account recovery. Start the account recovery process by tappingI have existing accountson the Duo Mobile welcome screen.

Check out the full guide to Duo Restore for Android.

mobiles Look-Duo

adaptive view

The list of accounts in Duo Mobile adapts to you. Rotating your device to landscape also rotates your Duo Mobile account list.

The individual accounts shown in the list also change their appearance, showing full account information when you have only a few accounts and switching to a minimized account view when you have many accounts to minimize scrolling in the app.

Dark Theme

Duo Mobile dark theme depends on your Android system settings. There is no in-app option to enable dark theme. If your device has system-wide dark settings enabled, Duo Mobile will automatically switch to the dark theme.

You can enable dark theme on Android in several ways:

• OrIdeas→Show→Isand selectDark Theme.
• Open Android settings from the notification bar and tapDark Theme.

Troubleshooting

see theCommon Problems Guidefor more troubleshooting tips or visit thedual knowledge base. If you can't resolve your issue with Duo Mobile, contact your Duo administrator or your organization's technical support.

Push troubleshooting

If your phone is running Android 13 or later, you may need to enable duo push notifications.

To enable duo push notifications:

• Tap and hold the Duo Mobile app icon and select itapplication information. On the next Duo Mobile app information screen, tapnotifications. HebelAll notifications from Duo Mobilehold on

If you sign in to a Duo-secured app but don't get the expected Duo Push authentication prompt, try closing and reopening Duo Mobile. Duo Mobile checks for pending push requests each time it is opened. If that doesn't work, check them outDuo Knowledge Base for additional Android troubleshooting steps.

Troubleshooting encryption

Mobile device encryption helps protect the data on your device.

Duo considers your device encrypted if you enable password, PIN, or pattern authentication at startup. Without this setting, your device's encryption is less secure and you may not be able to access services or applications protected by Duo.

To enable encryption on your Android device:

1. navigate toIdeas→Security→lock screen.
2. Enable the password, PIN, or pattern to be asked for when starting the device.
3. If you have a Samsung device, you will also need to enable "Secure Boot" or "Strong Protection" in your device settings and ask for a PIN when starting your device.
4. Close and reopen Duo Mobile.

If, after completing the steps above, you're still having trouble with the full disk encryption error popping up on Duo Mobile, try disabling this setting and then re-enabling it. This can happen because some Android device manufacturers set a default password to encrypt the phone. While your phone can say it's encrypted, technically it's not fully encrypted until you set your own PIN/password/pattern at startup through your phone's settings. Encrypting with your own password is the most secure option.

Additional points to consider:

• On Samsung devices, "Secure Boot" or "Strong Protection" will be automatically disabled if you enable access permission.
• Some newer devices (e.g. Google Pixel) running Android 7.0 and higher support file-based encryption and can be expected to be encrypted when launching Duo without a PIN.