OpenAI has introduced a new security feature that allows users to completely abandon passwords, replacing them with stronger login methods designed to block modern cyberattacks.
The feature, called Advanced Account Security, is an opt-in setting for users of ChatGPT and Codex. Once enabled, it removes traditional email-and-password logins and replaces them with passkeys or physical security keys. The move comes as AI accounts increasingly store sensitive personal and professional data, making them attractive targets for hackers.
How it works: No more password123
If you choose to switch on this new mode, the traditional email and password login disappears entirely. In its place, you’ll need to use either a passkey (stored on your phone or computer) or a physical security key (like a USB thumb drive).
To make the transition easier, OpenAI has teamed up with Yubico to offer a discounted bundle of two security keys for $68, a significant drop from the usual $126 retail price. This setup ensures that even if a hacker steals your email address, they can’t access your ChatGPT account without your physical device in their hands.
“Users continue to use ChatGPT for some of their most sensitive and personal matters, and it only makes sense that we as a company try to make available capabilities that meet our users with how they use our product,” said Ogbeide Oigiagbe, a member of OpenAI’s product team, per Axios.
This level of security is essentially a digital vault, but it comes with a major catch: there is no “Forgot Password” button. Once you enable Advanced Account Security, OpenAI disables recovery via email or SMS. This is a deliberate move to prevent SIM-swapping attacks, but it means that if you lose your physical keys and your backup codes, you are locked out forever.
OpenAI is being very clear that their support team cannot bail you out if you lose access.
Who is this for?
While anyone can turn this on, OpenAI is specifically eyeing people with a target on their back. The company noted that “For some people, like journalists, elected officials, political dissidents, researchers, and those who are especially security-conscious, the stakes are even higher.”
In fact, for certain high-level users in OpenAI’s “Trusted Access for Cyber” program, this isn’t just a suggestion; it becomes mandatory starting June 1, 2026.
More must-read AI coverage
Beyond just the login process, the new mode adds a few more layers of privacy:
- Automatic privacy: Conversations from these accounts are automatically excluded from being used to train OpenAI’s AI models.
- Shorter sessions: Your login won’t last as long, meaning if you leave your laptop open at a coffee shop, the window for someone to snoop is much smaller.
- Login alerts: You’ll get a notification every time someone logs in to your account, with a dashboard to flag any suspicious devices.
For most users, Advanced Account Security may be more protection than they need. But for people whose ChatGPT accounts contain sensitive work, research, sources, or personal data, the feature offers a stronger defense against phishing and account takeover attempts.
The safest move is also the least glamorous: set up more than one security key, store backup codes somewhere secure, and do not enable the feature until recovery planning is done.
For more on how this shift is reshaping the AI cloud race, check out our full breakdown of Amazon’s move to bring OpenAI models to AWS after Microsoft’s exclusivity ended, opening the door to a new multi-cloud era.
Read the full article here
