OpenAI Launches Advanced Account Security for ChatGPT

Advanced Account Security Launch

OpenAI on Thursday introduced Advanced Account Security, a new opt-in setting for ChatGPT designed for users who want stronger protection or face higher risks of digital attacks. The company said the new feature was created in response to how people are increasingly using ChatGPT to handle more sensitive and high-stakes tasks.

“People are turning to AI for deeply personal questions and increasingly high-stakes work. Over time, a ChatGPT account can hold sensitive personal and professional context, and sit at the center of connected tools and workflows,” OpenAI said in a statement. “For some people, like journalists, elected officials, political dissidents, researchers, and those who are especially security-conscious, the stakes are even higher.”

Feature Overview and Access

OpenAI said the feature is intended to give users more control over security and privacy while centralizing protections in one place. Available in web account settings, the feature applies to ChatGPT and Codex accounts using the same login.

Authentication Requirements

The Advanced Account Security setting requires passkeys or physical security keys instead of passwords, while limiting account recovery to backup passkeys, security keys, or recovery keys, and removing email and SMS options. That means OpenAI cannot assist with account recovery if those methods are unavailable.

“Using physical security keys, such as YubiKeys, is one of the strongest defenses against phishing,” the company wrote. “To make that level of protection easier to access, we have partnered with Yubico, a leader in hardware-based authentication and account protection, to offer our users preferred pricing on a customized bundle of best-in-class security keys.”

OpenAI said it will offer a discount on a bundle that includes two keys for everyday use and backup. Users can also use other FIDO-compliant security keys or software-based passkeys.

Session Management and Monitoring

Sign-in sessions are shortened to limit exposure if a device is compromised. Users receive alerts for logins and can review active sessions across devices.

Data Handling and Model Training

The setting also changes how user data is handled. Conversations from accounts enrolled in Advanced Account Security are automatically excluded from model training.

Requirements for Trusted Access Program

The Advanced Account Security rollout also includes changes for users in OpenAI’s “Trusted Access for Cyber” program, which provides access to more capable and permissive models. Members of the program will be required to enable Advanced Account Security starting June 1. Organizations can instead confirm they use phishing-resistant authentication through single sign-on systems.

Future Expansion

“Privacy and security are foundational to how we build all of our products and we’ll continue investing in protections that give people more control and stronger safeguards over time,” OpenAI wrote. “We expect to extend this work to additional audiences, including enterprise environments, where stronger account security can matter just as much.”