In an era where AI interactions hold increasingly sensitive personal and professional context, OpenAI has announced the launch of Advanced Account Security, a new opt-in suite of heightened protections for ChatGPT and Codex accounts. Designed for high-risk users—including journalists, elected officials, and researchers—this initiative aims to set a new gold standard for phishing-resistant authentication in the AI space.
As ChatGPT moves to the “center of connected tools and workflows,” the stakes for account security have reached an all-time high. OpenAI recognizes that for many, an account takeover is no longer just a privacy breach but a systemic risk to sensitive projects.
Key features of the Advanced Account Security suite include:
- Mandatory Phishing Resistance: The setting requires the use of passkeys or physical security keys, effectively disabling password-based logins.
- Tightened Recovery Windows: To prevent attackers from exploiting a compromised email account or phone number, OpenAI is disabling email and SMS-based recovery.
- Automatic Data Privacy: For those handling high-stakes data, conversations from these accounts are automatically excluded from model training.
- Session Management: Sessions are shortened to “reduce the window of exposure if a device or active session is compromised.”
As the OpenAI blog notes, “Increased protection of Advanced Account Security comes with an increased responsibility for account recovery.”
Because recovery is restricted to backup passkeys and hardware keys, OpenAI Support will be unable to assist users who lose access to their primary secure methods.
To lower the barrier for adopting hardware-based authentication, OpenAI has partnered with Yubico. This collaboration provides users with preferred pricing on customized security key bundles, including the YubiKey C Nano for low-friction daily use and the YubiKey C NFC for mobile and backup capabilities.
Although this bundle launches alongside the Advanced suite, it is available to all eligible users in their security settings, encouraging a platform-wide shift toward phishing-resistant habits.
The security push extends beyond individual choice for those in OpenAI’s specialized programs. Members of Trusted Access for Cyber—who have access to the most capable and permissive models—will be required to enable Advanced Account Security starting June 1, 2026.
Organizations can alternatively attest that they utilize phishing-resistant authentication within their existing Single Sign-On (SSO) workflows to meet this requirement.
OpenAI’s latest move reflects its transition into “core infrastructure for AI,” where intelligent systems are reshaping how businesses operate. By embedding these controls now, the company aims to ensure that as AI becomes more deeply integrated into daily life, users retain the necessary controls to protect their privacy and security.
Users interested in these elite-level protections can enroll in Advanced Account Security via the Security section of their ChatGPT account on the web starting today.