OpenAI Fortifies ChatGPT Accounts: Advanced Security Arrives

Securing the AI Frontier

OpenAI's introduction of Advanced Account Security is a crucial step in addressing the growing security concerns surrounding AI platforms, especially as they handle increasingly sensitive data. By mandating phishing-resistant authentication methods like passkeys and physical security keys, and tightening account recovery processes, they are significantly raising the bar against common attack vectors. The automatic exclusion from model training for users of this feature is a particularly noteworthy privacy enhancement. This initiative demonstrates a proactive approach to cybersecurity, recognizing the elevated risks faced by users in high-stakes professions and the general public as AI becomes more integrated into daily life and work. The partnership with Yubico to offer discounted security keys further lowers the barrier to entry for adopting these advanced protections, making strong authentication more accessible.

However, the increased responsibility for account recovery, with OpenAI Support unable to assist, presents a potential point of friction. While this restriction is necessary to maintain the integrity of the advanced security measures, users must be thoroughly educated on managing their backup passkeys, security keys, and recovery keys. The requirement for individual members of 'Trusted Access for Cyber' to enable this feature by June 1, 2026, highlights its importance for critical infrastructure and national security applications. The long-term implications for enterprise adoption and integration with existing SSO workflows are also significant, suggesting a future where robust AI account security becomes a standard expectation rather than an opt-in feature. This move positions OpenAI as a leader in responsible AI deployment, setting a precedent for how other AI service providers might approach user security in the future.

Key Points

• OpenAI introduces 'Advanced Account Security,' an opt-in feature for ChatGPT and Codex accounts.
• The feature mandates phishing-resistant authentication like passkeys and physical security keys, disabling password-based logins.
• Account recovery is tightened, disabling email/SMS recovery and requiring backup passkeys, security keys, or recovery keys, with no OpenAI support for recovery.
• Conversations from accounts with Advanced Account Security enabled are automatically excluded from model training.
• OpenAI is partnering with Yubico to offer discounted security keys to users.
• This feature will be mandatory for individual members of 'Trusted Access for Cyber' starting June 1, 2026.

---

📖 Source: Introducing Advanced Account Security