en.Wedoany.com Reported - On April 30, 2026, local time, OpenAI officially launched an optional security mode called "Advanced Account Security" for ChatGPT and Codex accounts. This feature replaces traditional password authentication with hardware security keys or software-based passkeys for login, thereby defending against common attack methods such as phishing, password guessing, and SIM swapping.

Users can enable this feature in the "Settings" > "Security" section of the ChatGPT web version. During the enrollment process, users need to register at least two security keys or passkeys, one of which serves as a backup credential. Once enabled, the system will permanently disable password login and cut off account recovery paths via email or SMS verification codes. OpenAI Chief Information Security Officer Dane Stuckey stated that security keys are one of the best means to protect accounts from phishing attacks. OpenAI has already made YubiKey a standard configuration for internal employee protection, and now, through Advanced Account Security, ChatGPT users can also choose the same level of anti-phishing protection when needed.

Login session times will be shortened accordingly, and users will receive notification reminders for each new login, with the ability to view and terminate active sessions at any time. After enabling this security mode, the account will also automatically opt out of AI model training, meaning the user's conversation data will not be used to improve future versions of ChatGPT. OpenAI acknowledged that this is a significant trade-off of "security for convenience"—users must safeguard the recovery key generated by the system during registration. If all registered security keys are lost and the recovery key is also missing, the OpenAI support team will be unable to restore account access.

To support the implementation of this security feature, OpenAI has established a strategic partnership with the Swedish-American hardware authentication company Yubico. The two parties jointly launched a custom dual-key kit, including the YubiKey C NFC for mobile NFC tap authentication and the YubiKey C Nano, which can be left plugged into a laptop port long-term, priced at $68, less than half of the $126 retail price. Yubico CEO Jerrod Chong pointed out that this collaboration aims to introduce anti-phishing security protection to the AI ecosystem on a large scale, significantly reducing the threat of unauthorized access to OpenAI accounts globally. Besides YubiKey, any FIDO2-compliant third-party security keys and software passkeys stored on devices can be used.

This feature is primarily aimed at user groups facing higher digital attack risks, such as journalists, government officials, political activists, and researchers, while also being open to all users seeking the highest level of account protection, including those on the free tier. Additionally, members participating in OpenAI's "Trusted Access for Cyber" program will be required to mandatorily enable this security feature by June 1, 2026.

The broader context for OpenAI launching this feature is the continuously increasing sensitivity of data accumulating in AI accounts—information such as medical symptoms, legal risks, business strategies, and proprietary code entered by users into ChatGPT could have serious consequences if leaked. In 2024, the Singapore-based cybersecurity company Group-IB discovered over 100,000 stolen ChatGPT account credentials on dark web markets, which allowed buyers full access to victims' chat histories.

This article is compiled by Wedoany. All AI citations must indicate the source as "Wedoany". If there is any infringement or other issues, please notify us promptly, and we will modify or delete it accordingly. Email: news@wedoany.com