OpenAI has introduced Advanced Account Security, a new security feature for ChatGPT that significantly enhances the protection of personal accounts. This feature is designed for users with higher exposure to digital threats, such as journalists, researchers, public officials, activists, cybersecurity professionals, or individuals working with sensitive information, although any eligible personal account can activate it to elevate its security level.
The move confirms a clear trend: AI accounts are increasingly resembling critical accounts. They no longer only store casual questions or trivial conversations. They may contain professional context, drafts, code, documents, product ideas, personal information, integrations with external tools, and complete workflows. In this scenario, account theft is not just an inconvenience—it can lead to data breaches, exposure of intellectual property, or access to connected environments.
Passkeys and physical keys as a new starting point
The most visible aspect of Advanced Account Security is the removal of password-based access. When activated, ChatGPT requires login via passkeys or FIDO-compatible physical keys, such as a YubiKey or equivalent devices. OpenAI also disables login codes sent via email or SMS and blocks standard account recovery through these channels.
From a technical perspective, this decision makes sense. Passwords remain one of the most exploited weaknesses: they are reused, leaked, poorly stored, captured through phishing, or end up in breached databases. SMS-based authentication is also not ideal for sensitive accounts, as it can be compromised via SIM duplication, number redirection, social engineering, or device theft.
Passkeys and physical keys mitigate much of this risk because they rely on public-key cryptography and are designed to resist phishing attacks. The credential is bound to the legitimate site's domain, so if a user attempts to log in on a fake website, the key will not produce a response the real service accepts, whereas a manually entered password would simply be handed over. For high-risk profiles, this difference is especially significant.
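The phishing resistance described above, as an added example that is not from OpenAI or the original article: the checks a WebAuthn relying party runs on a passkey assertion, with a stand-in authenticator so it runs offline in Node.js. The domains `chat.example` and `chat-example.test`, the function names and the result strings are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");
// Constructed values: a hypothetical relying party, not OpenAI's real configuration.
const RP_ID = "chat.example";
const RP_ORIGIN = "https://chat.example";
const sha256 = (data) => crypto.createHash("sha256").update(data).digest();

// Stand-in authenticator. A real one would find no credential for a foreign
// RP ID; this one signs anyway so the server-side rejections are visible.
function makeAuthenticator() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  let counter = 0;
  function sign(origin, rpId, challenge) {
    // The browser, not the page's script, writes the origin into clientDataJSON.
    const clientDataJSON = Buffer.from(JSON.stringify({
      type: "webauthn.get", challenge: challenge.toString("base64url"), origin }));
    const tail = Buffer.alloc(5);           // flags (1 byte) + signature counter (4 bytes)
    tail[0] = 0x05;                         // user present | user verified
    tail.writeUInt32BE(++counter, 1);
    const authData = Buffer.concat([sha256(rpId), tail]);
    const signature = crypto.sign("sha256", Buffer.concat([authData, sha256(clientDataJSON)]), privateKey);
    return { clientDataJSON, authData, signature };
  }
  return { publicKey, sign };
}

// Relying-party side: returns "ok" or the name of the first check that failed.
function verifyAssertion(a, publicKey, expectedChallenge) {
  const client = JSON.parse(a.clientDataJSON.toString("utf8"));
  if (client.type !== "webauthn.get") return "wrong-type";
  if (client.challenge !== expectedChallenge.toString("base64url")) return "challenge-mismatch";
  if (client.origin !== RP_ORIGIN) return "origin-mismatch";
  if (!crypto.timingSafeEqual(a.authData.subarray(0, 32), sha256(RP_ID))) return "rpid-mismatch";
  if ((a.authData[32] & 0x01) === 0) return "user-not-present";
  const signed = Buffer.concat([a.authData, sha256(a.clientDataJSON)]);
  return crypto.verify("sha256", signed, publicKey, a.signature) ? "ok" : "bad-signature";
}

function demo() {
  const key = makeAuthenticator();
  const challenge = crypto.randomBytes(32);
  const genuine = key.sign(RP_ORIGIN, RP_ID, challenge);
  const lookalike = key.sign("https://chat-example.test", "chat-example.test", challenge);
  // Relay rewrites the signed fields to the real site's values but cannot re-sign them.
  const rewritten = { ...genuine, signature: lookalike.signature };
  const check = (a) => verifyAssertion(a, key.publicKey, challenge);
  return { genuine: check(genuine), lookalike: check(lookalike), rewritten: check(rewritten),
           replay: verifyAssertion(genuine, key.publicKey, crypto.randomBytes(32)) };
}
console.log(demo());
```

Only the assertion produced for the real origin passes; the look-alike origin, the rewritten fields and the replay against a fresh challenge are each rejected by a different check.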
OpenAI has also announced a collaboration with Yubico to offer eligible users a security key package at a discounted price. The company mentions a YubiKey C Nano, designed to stay connected to a laptop, and a YubiKey C NFC for backup and use on other devices. However, Advanced Account Security does not require purchasing a YubiKey: alternative FIDO-compatible keys or software-based passkeys are also accepted.
Enhanced security, but much stricter recovery
The less convenient aspect of this update is account recovery. Advanced Account Security improves protection against account hijacking but demands more discipline from users. To activate it, at least two secure login methods must be configured, including one that works across devices. Users must also store recovery keys.
If a user loses all passkeys, physical keys, and recovery keys, they could lose access to their account. OpenAI warns that its support team will not be able to use standard methods to recover it: account recovery via email, password reset, disabling Advanced Account Security, or adding/removing login methods will be unavailable while protection remains active.
This makes the feature a powerful tool, but not one to activate without preparation. It is recommended to have a primary key for daily use, a backup stored securely, and recovery keys saved outside the main device. Each recovery key is single-use, and recovery keys that have been exposed or compromised can be replaced through security settings.
OpenAI also adds a 48-hour waiting period upon recovery with a valid key. This delay reduces the risk that an attacker who has obtained a recovery key takes immediate control of the account. While potentially inconvenient for legitimate users, the goal for high-value accounts is clear: buy time against hijacking attempts.
Shorter sessions and automatic exclusion from training
Advanced Account Security also shortens active session durations. This means users will need to re-authenticate more frequently, but it reduces exposure if a device is compromised or an open session is hijacked. The feature includes login alerts and allows users to review and manage active sessions on different devices.
An important privacy aspect is that conversations from accounts with Advanced Account Security enabled are not used to train OpenAI models. For users handling particularly sensitive information, this automatic exclusion removes the need for additional configuration.
This security applies to both ChatGPT and Codex when accessed with the same login. This is particularly relevant for developers, as Codex may be connected to programming environments, repositories, or workflows involving sensitive code. Protecting access becomes part of the security chain within development processes.
OpenAI also links this feature to its Trusted Access for Cyber program. Individual members accessing the most capable and permissive models for cybersecurity tasks will be required to activate Advanced Account Security starting June 1, 2026. Trusted organizations can alternatively demonstrate they already use phishing-resistant authentication as part of their Single Sign-On setup.
A layer designed for personal accounts, not for Enterprise
A key limitation is that Advanced Account Security is available only for eligible personal ChatGPT accounts in supported regions. It is not available for ChatGPT Enterprise, managed corporate accounts, or accounts tied to a managed enterprise domain. In those environments, organizations typically implement their own identity policies, SSO, MFA, SCIM, device management, and security controls.
OpenAI has indicated plans to extend this type of security to other audiences, including enterprise environments. This makes sense, as ChatGPT, Codex, and other AI systems are increasingly integrated into corporate workflows. Identity security will become as critical as data security and API controls. Within organizations, these protections will need to be combined with centralized policies, audit logs, permission management, and incident response.
For individual users, the advice is more straightforward. Anyone using ChatGPT for sensitive tasks should review and update their security settings. Advanced Account Security can be a good choice if they are prepared to manage its recovery requirements. For those who prefer less strict protection, OpenAI still recommends essential measures like strong passwords, password managers, multi-factor authentication, and caution with suspicious links or emails.
The arrival of this feature also sends a broader message: AI security is not just about content filtering, model protection, or misuse controls. It begins with something fundamental—preventing accounts from falling into the wrong hands. As these systems carry more context, their value to attackers grows.
Password security was sufficient during an era when many digital services were isolated and low-risk. Now, with AI agents, assisted coding, connected tools, and conversation histories containing personal and professional context, that approach is insufficient. OpenAI is steering high-risk users toward a more resilient model: no passwords, no SMS, but security keys, passkeys, and more rigorous recovery processes. While less convenient, this approach is much better suited for accounts embedded in daily digital infrastructure.
Frequently Asked Questions
What is OpenAI’s Advanced Account Security?
It is an advanced security option for eligible personal ChatGPT accounts. It enhances login security, removes passwords and weak recovery channels, shortens sessions, and provides more visibility over access.
What login methods are required?
It requires passkeys or FIDO-compatible physical security keys. To enable it, you must set up at least two secure methods, including one that works across devices.
What if I lose my keys or passkeys?
You will need to have saved your recovery keys during setup. Losing all access methods and recovery keys could result in losing access to your account, as OpenAI notes support cannot assist in recovery under these conditions.
Is Advanced Account Security available for businesses?
No, it is not available for ChatGPT Enterprise, managed corporate accounts, or accounts tied to enterprise domains. Its initial rollout is focused on eligible personal accounts.

