OpenAI Launches Advanced Account Security, Mandating Passkeys for High-Risk Users

Article Summary

OpenAI has launched 'Advanced Account Security,' a comprehensive, opt-in protection layer for ChatGPT and Codex accounts designed for users handling high-stakes or sensitive data (e.g., journalists, researchers). This new system dramatically strengthens account security by mandating the use of passkeys or physical security keys (like YubiKeys), effectively disabling less secure methods like password logins, email, and SMS recovery. Users must now utilize backup passkeys or dedicated security keys for recovery. Furthermore, the feature shortens active sign-in sessions, provides granular session management, and automatically excludes conversations from model training for enrolled users. OpenAI is also setting a precedent by requiring all 'Trusted Access for Cyber' members to adopt this security layer by June 2026, signaling a professionalization of AI usage that prioritizes institutional-grade security.

Key Points

• Advanced Account Security mandates phishing-resistant sign-in (passkeys/physical keys) and eliminates less secure recovery methods (email/SMS) to drastically raise the bar for account protection.
• The feature adds corporate-grade controls, such as automatically excluding conversation data from model training, which is critical for handling sensitive professional or research information.
• OpenAI's adoption of hardware key partnerships and the mandatory rollout for key enterprise groups solidify the platform's move into core, highly regulated infrastructure for professional use.