OpenAI has launched Advanced Account Security, an opt-in protection mode designed for ChatGPT and Codex users at high risk of phishing attacks or account takeovers. The initiative replaces traditional passwords with hardware security keys or passkeys, according to reports from Wired and TechCrunch.
This new security layer includes several key features tailored for vulnerable accounts. Users can authenticate using YubiKey hardware keys through a fresh partnership with security provider Yubico, specifically supporting models like the YubiKey C NFC and C Nano. Additional safeguards encompass real-time security alerts, shorter login sessions to limit exposure, and backup recovery keys for account restoration.
The rollout targets individuals and organizations most likely to face sophisticated threats, such as researchers, journalists, or executives handling sensitive AI interactions. As detailed in coverage from Ground News and Mezha Media, this password-free approach aims to eliminate common phishing vulnerabilities, where attackers trick users into revealing credentials.
OpenAI's move underscores growing concerns over AI platform security amid rising cyber threats. With millions relying on ChatGPT for work and research, compromised accounts could expose proprietary data or disrupt critical operations. The company is accelerating broader cyber defenses, including partnerships with leading security firms via its Trusted Access for Cyber program, which leverages advanced models like GPT-5.4-Cyber.
For high-risk users, adoption is straightforward: enable the mode in account settings, pair a compatible key, and follow setup prompts. While opt-in keeps it accessible for everyday users, those opting in gain enterprise-grade protections without mandatory changes. Yubico's involvement ensures seamless integration, building on hardware keys' proven track record against remote attacks.
This initiative matters as AI tools become central to business and innovation, affecting developers, enterprises, and everyday professionals who store prompts, APIs, or custom models in their accounts. Next steps include wider availability of supported keys and potential expansions to other OpenAI services, as the company continues investing in cyber ecosystem grants and tools.
Early feedback highlights the mode's user-friendliness, with passkey options for those without hardware. Security experts note it aligns with industry shifts toward phishing-resistant authentication, potentially setting a standard for AI platforms facing nation-state-level threats.