I called support and the answer is you need to use the duo mobile app, I’m just wondering if anyone has a work around so that clients arent forced to install duo if they already have a 2-factor application of choice.
The Duo Mobile app and Duo’s service are designed to work together. Only the Duo Mobile app can be activated for use with Duo’s cloud service (push, phone call, or generated passcode authentication to a Duo protected application or service). You can use Duo Mobile to replace other passcode-generating apps for third-party accounts, but can’t use those other apps to replace Duo Mobile.
Thanks for trying Duo.
Hi Kristina, that’s fine, but I see no way to back up the accounts using a
very strong password or other means. If you lose your phone, you lose all
access to certain 2 factor sites that do not use 2 factor sms (which is
losing popularity due to social engineering hacking exploits). Any
If someone loses their phone and needs Duo account recovery, their administrators can send them a reactivation link or make a self-service portal available where users can re-enroll devices themselves.
Typically when you enable 2FA on third-party sites you’re provided with some backup codes to securely store in case recovery is needed. If someone were to lose their phone AND their offline backup codes, then yes, life can get difficult. To that end some people may choose to continue using a preferred app for third-party accounts that allow operations like sync across devices or backup and restore to any device, and use Duo Mobile just for Duo-protected applications.
In the scenario you describe it sounds like your users may already be using other passcode apps with some sync or backup/restore feature for third-party services, and just want to know if Duo’s service requires installing the Duo Mobile app (too), which it does.
Since Duo supports hard tokens based on the OATH standard, you can generate fake hard tokens for your users and use the private seed to generate the QR code for various other apps. We’re doing this to allow our users to use the HOTP portion of Yubikeys or enroll non-Duo apps. We do, however, require that they have another device enrolled in Duo before allowing them to do this.