OpenAI has launched Advanced Account Security, a new opt-in setting for ChatGPT accounts built for individuals facing elevated risks of digital attacks, as well as anyone seeking the most robust account protections available. It consolidates a suite of enhanced security measures aimed at preventing account takeovers, while simplifying activation through a single location. Once activated, the feature also extends protection to Codex.
As people increasingly rely on AI for personal questions and high-stakes professional tasks, ChatGPT accounts can accumulate sensitive personal and professional context and become central to connected tools and workflows. For certain users-such as journalists, elected officials, political dissidents, researchers, and the especially security-minded-the risks are particularly significant.
This initiative is part of OpenAI's broader cybersecurity action plan aimed at expanding access to technologies that safeguard communities, critical systems, and national security. OpenAI wants users to have the controls necessary to make security and privacy decisions suited to their needs, while also ensuring they understand that the stronger protections come with greater responsibility for account recovery.
How Advanced Account Security Works
Advanced Account Security combines a series of controls that strengthen sign-in protections, tighten account recovery, limit exposure from compromised sessions, and provide users with greater visibility into account activity. Users can opt in via the Security section of their ChatGPT account settings on the web. The protection covers both ChatGPT and Codex accounts accessed through that login.
Stronger sign-in methods. The feature requires passkeys or physical security keys and disables password-based login, making phishing-resistant sign-in the default for those who need it most.
More secure account recovery. If a user's email or phone number is compromised, an attacker might attempt to use one of them to access their ChatGPT account through email- or SMS-based recovery. To mitigate this risk, Advanced Account Security disables email and SMS recovery, instead requiring stronger recovery methods: backup passkeys, security keys, and recovery keys. Because recovery is limited to these more secure options, OpenAI Support will be unable to assist with account recovery for enrolled users.
Shorter sessions and clearer session management. Sign-in sessions are shortened to reduce the exposure window if a device or active session is compromised. Users also receive alerts when a login occurs on their account and can review and manage active sessions across all signed-in devices.
Automatic training exclusion. Users handling particularly sensitive information may prefer that their conversations not be used for model training. With Advanced Account Security enabled, that preference is applied automatically: conversations from enrolled accounts will not be used to train OpenAI's models.
Phishing-Resistant Authentication Made More Accessible Through Yubico Partnership
Physical security keys, such as YubiKeys, represent one of the strongest defenses against phishing. To make this level of protection more accessible, OpenAI has partnered with Yubico, a leader in hardware-based authentication, to offer users preferred pricing on a customized bundle of top-tier security keys. The YubiKey C Nano is designed to remain in a laptop for simple, low-friction daily authentication, while the YubiKey C NFC serves as a backup and works across laptops and mobile devices.
Although the partnership was launched alongside Advanced Account Security, the bundle will be available to all eligible users in their security settings on the web, enabling broader adoption of stronger, phishing-resistant account protection. Users can also use any other FIDO-compliant security key or software-based passkeys.
Protecting Trusted Access for Cyber
OpenAI continues to expand programs that give verified defenders access to more capable and permissive models, and ensuring those defenders' accounts are protected with the most advanced security measures is essential.
Individual members of OpenAI's Trusted Access for Cyber program who access the most cyber-capable and permissive models will be required to enable Advanced Account Security starting June 1, 2026. Organizations with trusted access can alternatively attest that they have phishing-resistant authentication integrated into their single sign-on workflow.
An Important Step With More to Come
OpenAI is becoming core infrastructure for AI, enabling people worldwide and businesses of all sizes to build. ChatGPT's broad consumer reach creates a powerful distribution channel into the workplace, where demand is rapidly shifting from basic model access to intelligent systems that reshape business operations. Developers build on and expand the platform through OpenAI's APIs, and Codex is transforming how developers turn ideas into working software.
As AI becomes increasingly embedded in daily life, ensuring users have the controls they need to protect their privacy and security is more important than ever.
Privacy and security are foundational to how OpenAI builds all of its products, and the company will continue investing in protections that give people more control and stronger safeguards over time. OpenAI expects to extend this work to additional audiences, including enterprise environments, where stronger account security can be equally critical.
OpenAI users seeking additional protection can enroll in Advanced Account Security on the web starting today.