OpenAI

OpenAI Launches Advanced Account Security for High-Risk ChatGPT and Codex Users


Executive Summary

OpenAI has introduced "Advanced Account Security," a new opt-in setting for ChatGPT and Codex accounts designed to protect users against unauthorized access and account takeovers. The feature enhances security by disabling password-based logins in favor of phishing-resistant methods like passkeys and physical security keys. It also strengthens the account recovery process, automatically excludes user conversations from model training, and is targeted at individuals at high risk of digital attacks, such as journalists and officials.

Key Takeaways

* Phishing-Resistant Login: The feature disables traditional password-based login, requiring users to sign in with passkeys or FIDO-compliant physical security keys.

* Secure Account Recovery: Email and SMS-based account recovery are disabled. Users must rely on backup passkeys, security keys, or recovery keys, and OpenAI Support cannot assist with recovery for enrolled accounts.

* Automatic Training Opt-Out: Conversations from accounts with this feature enabled will automatically be excluded from use in training OpenAI's models.

* Enhanced Session Management: Sign-in sessions are shortened to reduce the window of exposure, and users receive alerts for new logins and can manage active sessions across devices.

* Yubico Partnership: To encourage adoption, OpenAI has partnered with Yubico to offer users preferred pricing on a bundle of security keys.

* Availability: The feature is available now as an opt-in setting on the web. It will become mandatory for individual members of the "Trusted Access for Cyber" program beginning June 1, 2026.

Strategic Importance

This initiative strengthens OpenAI's security posture, making its platform more trustworthy for professionals and enterprises handling sensitive information and addressing a critical prerequisite for deeper integration into high-stakes workflows.

Original article