
Using a physical security key provides phishing-resistant authentication for ChatGPT accounts, helping protect sensitive personal and business data. AI-generated image via ChatGPT (OpenAI)
OpenAI Adds ChatGPT Security to Prevent Account Takeovers
OpenAI has launched Advanced Account Security, a new opt-in protection layer for ChatGPT and Codex accounts, designed to prevent account takeovers as AI tools become central to personal and business workflows. The update replaces traditional passwords with passkeys and security keys, while tightening recovery and session controls to reduce unauthorized access.
The decision matters because ChatGPT accounts can now hold sensitive personal information, business context, and connections to external tools, making them more valuable targets for attackers. OpenAI is also removing standard recovery methods such as email and SMS for enrolled users, meaning people who enable the feature must rely on backup passkeys, security keys, or recovery keys instead of support-based recovery.
OpenAI says the feature is designed for people at increased risk of digital attacks, including journalists, elected officials, political dissidents, researchers, and security-conscious users, but it is available to anyone who wants stronger account protections.
In short, OpenAI is moving AI account security beyond passwords to reduce account takeover risk while giving users stronger protection and greater responsibility for recovery.
Advanced Account Security is an opt-in system that replaces password-based login with phishing-resistant authentication and stricter recovery controls to protect high-risk AI accounts.
Key Takeaways: OpenAI Advanced Account Security and ChatGPT Account Protection
OpenAI Advanced Account Security replaces passwords with phishing-resistant authentication and stricter recovery controls to reduce ChatGPT account takeover risk.
OpenAI Advanced Account Security requires passkeys or security keys for ChatGPT and Codex accounts, making phishing-resistant login the default for enrolled users
ChatGPT and Codex accounts no longer use email or SMS recovery when Advanced Account Security is enabled, requiring backup passkeys, security keys, or recovery keys instead
Advanced Account Security shortens login sessions and adds active-session visibility, reducing the window of exposure if a device or session is compromised
Login alerts and session management give users more visibility into account activity, making unauthorized access easier to detect and manage
Advanced Account Security automatically excludes conversations from model training, protecting users who handle sensitive personal, professional, or security-related information
Users who enable Advanced Account Security take on greater recovery responsibility, because OpenAI Support cannot restore access if recovery credentials are lost
OpenAI Launches Advanced Account Security for ChatGPT and Codex Accounts
OpenAI says Advanced Account Security is designed for users whose ChatGPT accounts hold sensitive personal and professional information, particularly those at higher risk of targeted attacks.
The company points to groups such as journalists, elected officials, political dissidents, researchers, and security-conscious users, who may rely on ChatGPT for confidential work, analysis, or communication. As these accounts accumulate conversation history, business context, and connections to external tools, a single compromise could expose far more than just login credentials.
The feature is opt-in and available through ChatGPT’s web-based security settings, and protections extend to both ChatGPT and Codex accounts when accessed through the same login.
OpenAI also places this release within its broader cybersecurity efforts, saying it is part of a plan to expand access to tools that help protect individual users, organizations, and critical systems as ChatGPT becomes more widely used across personal and professional workflows.
OpenAI Advanced Account Security Replaces ChatGPT Passwords and Recovery Methods
Advanced Account Security brings together controls that strengthen sign-in protections, tighten account recovery, reduce exposure from compromised sessions, and give users more visibility into account activity. It does this by introducing changes across four areas: authentication, account recovery, session control, and data handling. Users can opt in through ChatGPT’s web-based security settings, where OpenAI provides direct access to the discounted YubiKey bundle.
Stronger sign-in methods
Advanced Account Security requires passkeys or physical security keys and disables password-based login entirely. This approach reduces exposure to phishing attacks, where attackers attempt to steal credentials through deceptive prompts.
More secure account recovery
To prevent attackers from exploiting weak recovery channels, the system disables email and SMS-based recovery, which could otherwise be used to gain access if a user’s email account or phone number is compromised. Instead, users must rely on:
Backup passkeys
Physical security keys
Recovery keys
OpenAI states that account recovery becomes the user’s responsibility under this model, meaning that if recovery credentials are lost, OpenAI Support cannot restore access to the account.
Shorter sessions and better visibility
The update shortens active login sessions to limit the window of exposure if a device is compromised. Users also receive alerts for new logins and can review and manage active sessions across devices.
Automatic training exclusion
With Advanced Account Security enabled, conversations are automatically excluded from model training, so users handling sensitive information do not need to manually opt out.
OpenAI Partners with Yubico to Expand Hardware Security Key Access
To make stronger authentication more accessible, OpenAI has partnered with Yubico, a leader in hardware-based authentication, to offer discounted bundles of physical security keys—one of the most effective defenses against phishing attacks.
The bundle includes both:
YubiKey C Nano, designed to remain plugged into a laptop for low-friction, everyday authentication
YubiKey C NFC, which supports backup use and cross-device authentication on mobile and desktop
While the partnership is part of the Advanced Account Security rollout, the bundle will be available to eligible users through ChatGPT’s web-based security settings, allowing more people to adopt phishing-resistant protection even if they are not enrolled in the feature.
Users can also choose any FIDO-compliant security key or software-based passkeys, giving flexibility in how they implement stronger authentication.
OpenAI says the goal is to make phishing-resistant security more practical and widely adopted, rather than limited to highly technical or security-focused users.
OpenAI Requires Advanced Account Security for Trusted Access Users
OpenAI says members of its Trusted Access for Cyber program—who receive access to more capable and permissive models—will be required to enable Advanced Account Security starting June 1, 2026.
Organizations in the program can alternatively confirm that they already use phishing-resistant authentication within their single sign-on systems.
This requirement reflects the company’s view that more powerful AI capabilities must be paired with stronger account protections, particularly for users working in sensitive or security-critical environments.
Q&A: OpenAI Advanced Account Security for ChatGPT Account Protection
Q: What is OpenAI’s Advanced Account Security for ChatGPT?
A: OpenAI Advanced Account Security is an opt-in protection system for ChatGPT and Codex accounts that replaces passwords with passkeys and security keys while adding stricter controls for recovery, sessions, and data handling.
Q: How does Advanced Account Security work?
A: Advanced Account Security removes password-based login, requires passkeys or physical security keys, disables email and SMS recovery, shortens session duration, sends login alerts, and lets users review active sessions across devices.
Q: Why did OpenAI add stronger security for ChatGPT accounts?
A: OpenAI says ChatGPT accounts can store sensitive personal information, business context, and connections to external tools, which increases the risk and impact of account takeover.
Q: What happens if you lose access after enabling Advanced Account Security?
A: Users must rely on backup passkeys, security keys, or recovery keys, because OpenAI Support cannot restore access for accounts enrolled in Advanced Account Security.
Q: Who should consider turning on Advanced Account Security?
A: Advanced Account Security is especially relevant for journalists, elected officials, political dissidents, researchers, developers, and security-conscious users, but OpenAI says it is available to anyone who wants stronger protection.
What This Means: ChatGPT Account Security and Account Takeover Risk
AI accounts are becoming part of how people store sensitive information, manage work, and connect digital tools, which means a compromised account can expose far more than just login access.
Key point: OpenAI is treating ChatGPT accounts as high-value assets by replacing passwords with stronger authentication and removing weaker recovery methods like email and SMS.
Who should care: Business leaders, teams, and individual users should care because a compromised ChatGPT account can expose sensitive conversations, internal knowledge, health information, and connected workflows.
Why this matters now: AI tools are used for personal decisions and professional work and are often connected to email, storage, and business systems. As a result, a single compromised account can create broader access across both personal and business data.
What decision this affects: Users and organizations must decide whether to adopt passkeys or hardware security keys, and how to manage recovery credentials without relying on traditional support-based recovery.
In short: AI account security now requires stronger authentication and clear recovery setup. OpenAI’s update improves protection, but it also means users—not support—are responsible for maintaining access.
AI is no longer just a tool you access—it is becoming a system that holds your most important context, and that changes how it must be secured.
Sources:
OpenAI – Advanced Account Security
https://openai.com/index/advanced-account-security/
ChatGPT – Advanced Account Security
https://chatgpt.com/advanced-account-security
OpenAI – Cybersecurity Action Plan (PDF)
https://cdn.openai.com/pdf/7ca95dce-4424-4b62-9eab-89233bb38f82/oai-cybersecurity-action-plan.pdf
Editor’s Note: This article was created by Alicia Shapiro, CMO of AiNews.com, with writing support, AEO/GEO/SEO optimization, image concept development, and editorial structuring support from ChatGPT, an AI assistant. All final editorial decisions, perspectives, and publishing choices were made by Alicia Shapiro.
