Introducing Advanced Account Security

2026-04-28 · Source: OpenAI News · Field: Technology & Digital — Cybersecurity & Data Privacy, Artificial Intelligence & Machine Learning · Depth: Intermediate, short

Summary

OpenAI introduced Advanced Account Security on April 30, 2026, an opt-in setting for ChatGPT and Codex accounts designed for users at high risk of digital attacks or those desiring robust protection. This feature consolidates heightened security measures to prevent account takeovers. Key components include requiring passkeys or physical security keys for sign-in, disabling password-based login, and restricting account recovery to stronger methods like backup passkeys or recovery keys. It also shortens sign-in sessions, provides login alerts, and automatically excludes conversations from model training. OpenAI partnered with Yubico to offer preferred pricing on security key bundles, making phishing-resistant authentication more accessible. Additionally, individual members of Trusted Access for Cyber will be required to enable this feature by June 1, 2026, or organizations can attest to equivalent phishing-resistant authentication via SSO.

Key takeaway

For CTOs and VPs of Engineering evaluating AI platform security, OpenAI's Advanced Account Security offers critical enhancements for high-risk users. You should assess its opt-in features, particularly the shift to passkeys and physical security keys, to determine if it meets your organization's security posture for sensitive AI workloads. Consider mandating this feature for teams handling highly confidential data or those identified as high-value targets to mitigate account takeover risks effectively.

Key insights

OpenAI's Advanced Account Security enhances ChatGPT and Codex protection through phishing-resistant authentication and stricter recovery.

Principles

• Prioritize phishing-resistant authentication.
• Restrict account recovery to strong, user-controlled methods.
• Provide users with clear session visibility and control.

Method

Advanced Account Security requires passkeys or physical security keys, disables password-based login, and restricts account recovery to backup passkeys, security keys, or recovery keys, while also shortening session durations.

In practice

• Utilize passkeys or physical security keys for sign-in.
• Review and manage active sessions regularly.
• Consider Yubico security keys for enhanced protection.

Topics

• Advanced Account Security
• Phishing-Resistant Authentication
• Passkeys
• Physical Security Keys
• Model Training Exclusion

Best for: CTO, VP of Engineering/Data, Director of AI/ML, AI Security Engineer, Research Scientist, IT Professional

Related on AIssential

• OpenAI announces new advanced security for ChatGPT accounts, including a partnership with Yubico — Hardware security keys offer robust phishing protection for high-value AI accounts but require careful management.
• While Everyone Watches Glasswing, Attackers Are Walking Through Your Front Door. — Most major cyberattacks exploit common, known vulnerabilities, not zero-days, with AI accelerating their scale.
• Introducing Trusted Access for Cyber — OpenAI's Trusted Access for Cyber provides controlled access to advanced AI models for defensive cybersecurity.
• Hackers Simply Asked Meta AI to Give Them Access to High-Profile Instagram Accounts. It Worked — Meta's AI support bot allowed one-shot Instagram account takeovers via simple requests, exposing critical integration flaws.
• 😺 OpenAI built a crypto thief — AI agents, particularly OpenAI's GPT-5.3-Codex, are highly effective at exploiting smart contract vulnerabilities.
• Introducing Lockdown Mode and Elevated Risk labels in ChatGPT — New OpenAI features enhance security against prompt injection by restricting external interactions and labeling risky capabilities.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by OpenAI News.