HeadsUpAI

OpenAI Launches Advanced Account Security to Protect High Risk Users

OpenAI launched Advanced Account Security, a suite of hardened protections for ChatGPT and Codex accounts. The setting mandates phishing-resistant sign-in using passkeys or physical security keys while disabling password-based logins. It also restricts account recovery to hardware-backed methods, removing SMS-based takeover risks.
Required sign-in: Passkeys or FIDO-compliant security keys
Disabled methods: Passwords, SMS recovery, email recovery
Training policy: Automatic exclusion for enrolled accounts
Compliance deadline: June 1, 2026 (Trusted Access for Cyber)
Hardware partner: Yubico (discounted security key bundles)

As AI becomes core infrastructure, a compromised account can expose sensitive context or lead to hijacked GPT-5.5 agentic workflows. The hardening directly addresses the OAuth-based supply-chain pattern seen in Vercel's third-party AI tool breach, extending OpenAI's GPT-5.4-Cyber expansion. By removing human-assisted recovery, OpenAI is prioritizing cryptographic certainty over convenience.

You can enroll in Advanced Account Security through the Security section of your ChatGPT settings on the web. Once enabled, conversations are automatically excluded from model training. Members of the Trusted Access for Cyber program must enable these protections by June 2026. OpenAI also partnered with Yubico for discounted hardware bundles.

OpenAI (@OpenAI) on X:

Now available for ChatGPT accounts: Advanced Account Security, a new opt-in setting for people at higher risk of digital attacks, with stronger protections including phishing-resistant sign-in and more secure account recovery. https://t.co/KhBGENuXzT


Still wondering? A few quick answers below.

Advanced Account Security is an opt-in setting for ChatGPT and Codex accounts designed for users at high risk of digital attacks. It strengthens protection by requiring phishing-resistant sign-in methods like passkeys or physical security keys. Once enabled, it disables traditional password-based logins and SMS or email-based account recovery to prevent unauthorized takeovers.

Users can enroll in Advanced Account Security by navigating to the Security section of their ChatGPT account settings on the web. The protection applies to both ChatGPT and Codex accounts accessed through that login. Because it requires hardware-backed authentication, users should have a FIDO-compliant security key or a device that supports passkeys ready before starting.

Advanced Account Security disables traditional email and SMS recovery methods to prevent attackers from hijacking accounts through compromised phone numbers. Users must rely on backup passkeys, physical security keys, or recovery keys. OpenAI Support cannot assist with account recovery for enrolled users, making it the user's responsibility to maintain access to their secure recovery methods.

Yes, enabling Advanced Account Security automatically excludes your conversations from being used to train OpenAI models. This feature is designed for researchers, journalists, and professionals who handle sensitive information and want to ensure their data remains private without manually adjusting training preferences for every session. It provides a foundational layer of privacy alongside hardened security.

While the setting is currently opt-in for most users, individual members of the Trusted Access for Cyber program must enable Advanced Account Security by June 1, 2026. Organizations in the program can alternatively attest that they use phishing-resistant authentication through their existing single sign-on workflows. It is highly recommended for anyone in high-stakes roles like government or journalism.
