OpenAI has introduced Advanced Account Security for ChatGPT and Codex users, replacing traditional password-based logins with passkeys and hardware security keys. The feature strengthens protection against phishing and credential-based attacks, and it reflects a broader shift toward passwordless authentication systems.
Authentication and Enrollment Process
The optional feature is available through ChatGPT’s web interface under security settings. During setup, users complete a structured enrollment process that replaces passwords with secure authentication methods. Once enrolled, access requires either hardware security keys or software-based passkeys stored on personal devices.
Users must register at least two credentials, which ensures redundancy in case one method becomes unavailable. For example, combinations may include two hardware keys or a mix of hardware and software passkeys. In addition, at least one software passkey must sync with a cloud service such as Google Password Manager or iCloud Keychain.
OpenAI partnered with Yubico to offer compatible hardware keys, although other supported devices remain usable. Users therefore gain flexibility while maintaining strong authentication standards.
Security Enhancements and Trade-offs
The system removes SMS and email-based recovery options, which reduces exposure to phishing and SIM-swapping risks. Instead, it provides backup recovery codes during enrollment. Therefore, users must securely store these codes to maintain account access.
Additionally, login sessions are shorter, which limits potential exposure if a device becomes compromised. Users can also monitor active sessions and receive alerts for new logins, which improves account visibility. However, the design prevents external recovery support, so losing all credentials and backup codes results in permanent account loss.
Broader Cybersecurity Strategy
This feature forms part of a wider security initiative by OpenAI. Earlier developments include expanded access to cybersecurity programs and specialized AI models focused on defensive applications. As a result, the company continues to reinforce its position in secure AI deployment.
Meanwhile, users retain the option to disable Advanced Account Security if they require more flexible access. Therefore, the system balances high-level protection with user control, depending on individual risk profiles.








